Hello, Since the security is a very big issue and production data should well be hidden from the internet we use a seperate webserver in a dmz zone. It is the webserver that issues the requests to the as400. (All php code). So internet users have competely no idea of the as400 and this makes everything very secure: 1. The ip-ranges are different so there is completley no acces from the outside world. 2. the gerenerated html code contains no links to the as400. 3. Even if you could hack te webserver the second firewall will prevent access to the as/400 4. if you log on the website, a security id is generated. Every request to the as400 should contain this id. If not all requests are rejected. So their isn't even a way of accessing our as400 without passing through the logon screen.
Kind regards, Dirk --- In [email protected], "johnnysidmouth" <[EMAIL PROTECTED]> wrote: > > Thanks to everyone for your suggestions. I've passed them all on to > our technical people so hopefully we will have a solution that will > get around their concerns/issues. > > John > > --- In [email protected], "Warszycki, Stan x36140" > <[EMAIL PROTECTED]> wrote: > > > > You could set the main web server to execute javascripts instead of > directly > > executing an http link. The javascripts would contain the links to > your > > iSeries machine. Store the scripts separately on the server > instead of > > writing them directly in your web page. That way the link would > not be > > apparent to someone looking at the page source. > > > > To be a little safer, you could set up the Apache server on your > system to > > allow access through a separate port instead of the standard one > (80). > > > > -----Original Message----- > > From: [email protected] [mailto:[EMAIL PROTECTED] > > Sent: Monday, January 30, 2006 8:35 AM > > To: [email protected] > > Subject: [Easy400Group] Security > > > > > > Hi > > > > I am relatively new to CGIDEV2 but I am hugely impressed. In a > couple > > of weeks I have written a brand new web site for us featuring just > > about all the functionality that we need. > > > > However, the technical team are raising the issue of security. > > Apologies in advance if my terminology is poor/incorrect!!!:-) > > > > > > At the moment the URL that I enter to access our test site accesses > > our iSeries development machine directly. The techie guys tell me > > that we will not be able to do this in a live sitiuation. the URL > > must be on our usual web server which must then "somehow" initiate > > the relevant processing on the iSeries. > > > > To me this should not be an issue but I don't have a clue how to do > > it and the techie guys I have spoken to are equally in the dark. > > > > Any sugestions? > > > > Rgds > > > > John > > > > > > > > > > > > > > SPONSORED LINKS > > How to format a computer hard drive Cobol programmer > Iseries 400 > > > > How to format a computer How to format your computer How to > > format computer > > > > _____ > > > > YAHOO! GROUPS LINKS > > > > > > > > * Visit your group "Easy400Group > > <http://groups.yahoo.com/group/Easy400Group> " on the web. > > > > > > * To unsubscribe from this group, send an email to: > > [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED] > subject=Unsubscribe> > > > > > > * Your use of Yahoo! Groups is subject to the Yahoo! Terms of > Service > > <http://docs.yahoo.com/info/terms/> . > > > > > > _____ > > > > > > _ > > This message and any attachments are intended only for the use of > the addressee and > > may contain information that is privileged and confidential. If the > reader of the > > message is not the intended recipient or an authorized > representative of the > > intended recipient, you are hereby notified that any dissemination > of this > > communication is strictly prohibited. If you have received this > communication in > > error, please notify us immediately by e-mail and delete the > message and any > > attachments from your system. > > > Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/Easy400Group/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
