If they are indicating that they will not allow outside users to attach
directly to your Iseries for web access, then you are unfortunately out of
luck.
There are several options for you. The first is to ensure that your web people
understand the security of the Iseries. If you have one port that is accessible
to the internet (they should know how to restrict access to a single port),
there really is NO security risk. The only thing that is accessible on that
port is HTTP services. Therefore the only thing that can be done is via
whatever you allow to happen through CGI or static HTML. I do not see any risk.
This is how it was configured at one location I was at. The network guys were
very good at controlling port access into our systems. They also did some port
mapping so that the outside world never knew the address of our Iseries.
The other option is to create a partition if you can, move your CGI programs to
that partition, configure HTTP services there, and then create a library that
contains DDM files back to the production machine that are public authority
exclude, and grant access ONLY to QTMHTTP and QTMHTTP1 (the HTTP server
profiles). The only active job on that partition would be in subsystem QHTTPSVR
(the HTTP server jobs). The DDM should be configured through SNA, and there
should be no TCP configurations pointing back to your production machine.
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/Easy400Group/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
