× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. May 2015

Re: IBM i authentication and RESTful web service design

Guys



We have all a preferred environment to access IBM I applications that may
in general be divided into three categories:



Native ILE, where most frameworks are done in a combination of SQLRPGLE and
QC2LE C-modules and are a part of the Native environment.



PASE (Java, PHP, RUBY, NodeJS etc.), that connects to the ILE environment
using SQL, Stored procedures and/or XMLSERVICE.



.NET (Microsoft frontend on Wintel), that connects to the ILE environment
using SQL, Stored procedures and/or XMLSERVICE.



For Kelly it would be a fairly easy choice if it wasn’t for the fact that
his Native Environment is programmed in COBOL that to my best knowledge
isn’t well supported by the various Native ILE Frameworks (Open Source or
proprietary) that already exists.



He has a separated pool of .NET programmers and COBOL programmers that
traditional doesn’t mix which in itself indicates that they are working on
separate applications. He hasn’t either told us how familiar the COBOL
programmers are working with ILE/Service Programs (QC2LE or RPGLE) and
SQLCBLLE or if any of these COBOL programmers perhaps has a little
knowledge to RPGLE/Free.



What he also hasn’t told us is what kind of applications he plans to use
the “new” environment for. Should it be used for connecting .NET apps to
the Native Apps (integration) or is it for replacing 5250 UI’s with browser
based UI’s?



What he has told us is that he wants some kind of SOA (Service Oriented
Architecture) base on some generic REST like architecture. What he hasn’t
told us is what he plans to put in front of such architecture since it
doesn’t come with an UI that one way or another then has to be coded
separately and today in practice has to use a Client Javascript Framework
such as JQuery, AngularJS or EXT JS (just to mention some).



A simple REST/CRUD may return data like this:



http://5.103.128.110:6380/pextcgidmo/wow04.pgm



While it must be UI represented like this:



http://5.103.128.110:6380/wow05.html



The biggest problem I think Kelly has is what present skills (not to
mention willingness) the COBOL pool of programmers has, since they now has
to walk into the world of UI web-development (HTML5, CCS3 and Javascript,
JSON, XML, HTTP etc.) that is quite another ballgame than making native
5250 COBOL programs. We must however assume that the poll of .NET
programmers has such skills. On the other hand they may not have skills in
the Business Applications that typical runs on IBM I and what are their
willingness to jump over that fence?



Now we are approaching a complete other angel to the problem, how to
implement new technologies in an apparently divided organization between to
technologies? From a psychological and an organizational point of view you
simply have to identify “willingness and curiosity” and “first movers” in
the organization and give them the best motivation and personal framework
of all – “success”.



Kelly has taken a very theoretical technological approach (disregarding the
organizational build) and what he really seeks is maybe how to move the
organization into a more IT efficiency/incremental innovation stack – not a
break-through innovation that doesn’t come from IT in a logistic company
but only comes from more and more efficient “on hour or minutes time
deliveries” by those that has made it their trade.



Think about that gents ;-)

On Thu, May 21, 2015 at 5:59 PM, Richard Schoen <
Richard.Schoen@xxxxxxxxxxxxxxx> wrote:

Thanks for the feedback and clarifications. Credibility restored :-)

Actually I haven't used the XMLSERVICE with PHP or Ruby, but essentially
what I did was put a layer above the CGI calls so the XMLSERVICE can easily
be called from a .Net application via HTTP based function calls that are
.Net friendly.

For safety sake though this or any API that accepts SQL should typically
only be used by the web app itself internally and never exposed to the web.
Also SSL is always a good thing as well to avoid wire sniffers.

I think that's where your concern about SQL injection is definitely valid.

I think it's good we all have different perspectives. As with anything
there is always choice no matter how we want someone to do it our way.

Have a nice long holiday weekend. Freedom rules !!

Regards,

Richard Schoen | Director of Document Management Technologies, HelpSystems
T: + 1 952-486-6802
RJS Software Systems | A Division of HelpSystems
richard.schoen@xxxxxxxxxxxxxxx
www.rjssoftware.com
Visit me on: Twitter | LinkedIn

-----Original Message-----

------------------------------

message: 2
date: Wed, 20 May 2015 21:08:56 -0600
from: Nathan Andelin <nandelin@xxxxxxxxx>
subject: Re: [WEB400] IBM i authentication and RESTful web service
design

Richard,

I should apologize about using the term "SQL injection" so loosely. I know
the term has a negative connotation. My point was that one wouldn't want to
provide a "service" which enabled HTTP clients (SPAs, etc.) to send SQL
statements to a server for execution. Wouldn't you agree?

Of course ASP.NET applications send SQL statements to servers all the
time for execution, and there's nothing wrong with that. I couldn't help
but note the irony ;-)

Seriously, no offense intended in regards to your XMLSERVICE .Net Wrapper.
I view XMLSERVICE as a valuable resource. I admit to not having looked at
your .Net wrapper, but I have studied the PHP toolkit. Would it be a big
mistake for me to assume that your .Net interface is similar?

I don't recall saying anything recently about war in Iraq, ground water
contamination, or my general unhappiness. Is that your way of exaggerating
and fabricating a position for me?
,
Your viewing me as huffing and puffing anytime I think about .Net is
humorous. I admit to having issues with Microsoft products which I view as
competitive threats against IBM i. But I mostly believe that organizations
would be better served by migrating applications from Windows to IBM i.
Five years of professional experience dedicated to developing under Visual
... and deploying under Windows servers, should count for some credibility
;-)

What about 15 years experience developing hundreds of web applications
under IBM i? No?

In regards to educational opportunities at Microsoft Ignite; sorry, my
world does not revolve around Microsoft. But you already new that.
Hopefully that's okay on this list.



--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/web400.





As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.