×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
From: John Jones
Placing a database in the DMZ is a direct violation of PCI DSS 1.3.7.
More specifically PCI DDS 1.3.7 states:
"Place system components that store cardholder data (such as a database) in an
internal network zone, segregated from the DMZ and other untrusted networks."
By definition, a DMZ is an untrusted network, so why place ANY server, including
a Web server, or an application server, let alone a database server in a DMZ?
Set up a network with multiple private network segments (zones), separated by
firewall routers and place your IBM i server in a secure network zone.
John, the problem I'm having with your posts is that they imply that if you open
up an HTTP service under IBM i, then it violates PCI and other best practices,
and may be less secure than front-ending an IBM i with a commodity web server
running in a separate network segment. I disagree with that, but if you feel so
strongly about it, I'd suggest that the commodity web server run Apache as a
reverse proxy and simply forward Web requests to an IBM i HTTP service.
-Nathan
midrange.com
