Dirk,

Not being familiar with PHP, am I correct in understanding that the HTTP server runs in the iSeries in the DMZ and also contains the HTML and JS? And that you communicate with server programs that run in the protected iSeries and work on data in this machine?

How do you generate the security Id?

Thanks,
Antoon

> From: "DirkHauwaerts" <[EMAIL PROTECTED]>
> Reply-To: [email protected]
> To: [email protected]
> Subject: [Easy400Group] Re: Security
> Date: Tue, 31 Jan 2006 11:09:30 -0000
>
> Hello,
>
> Since the security is a very big issue and production data should
> well be hidden from the internet we use a separate webserver in a
> dmz zone. It is the webserver that issues the requests to the as400.
> (All php code). So internet users have completely no idea of the
> as400 and this makes everything very secure:
> 1. The ip-ranges are different so there is completely no access from
>    the outside world.
> 2. The generated html code contains no links to the as400.
> 3. Even if you could hack the webserver the second firewall will
>    prevent access to the as/400.
> 4. If you log on the website, a security id is generated. Every
>    request to the as400 should contain this id. If not, all requests are
>    rejected. So there isn't even a way of accessing our as400 without
>    passing through the logon screen.
>
> Kind regards,
> Dirk
>
> --- In [email protected], "johnnysidmouth"
> <[EMAIL PROTECTED]> wrote:
> >
> > Thanks to everyone for your suggestions. I've passed them all on to
> > our technical people so hopefully we will have a solution that will
> > get around their concerns/issues.
> >
> > John
> >
> > --- In [email protected], "Warszycki, Stan x36140"
> > <[EMAIL PROTECTED]> wrote:
> > >
> > > You could set the main web server to execute javascripts instead of
> > > directly executing an http link. The javascripts would contain the
> > > links to your iSeries machine. Store the scripts separately on the
> > > server instead of writing them directly in your web page. That way
> > > the link would not be apparent to someone looking at the page source.
> > >
> > > To be a little safer, you could set up the Apache server on your
> > > system to allow access through a separate port instead of the
> > > standard one (80).
> > >
> > > -----Original Message-----
> > > From: [email protected] [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, January 30, 2006 8:35 AM
> > > To: [email protected]
> > > Subject: [Easy400Group] Security
> > >
> > > Hi
> > >
> > > I am relatively new to CGIDEV2 but I am hugely impressed. In a couple
> > > of weeks I have written a brand new web site for us featuring just
> > > about all the functionality that we need.
> > >
> > > However, the technical team are raising the issue of security.
> > > Apologies in advance if my terminology is poor/incorrect!!!:-)
> > >
> > > At the moment the URL that I enter to access our test site accesses
> > > our iSeries development machine directly. The techie guys tell me
> > > that we will not be able to do this in a live situation. The URL
> > > must be on our usual web server which must then "somehow" initiate
> > > the relevant processing on the iSeries.
> > >
> > > To me this should not be an issue but I don't have a clue how to do
> > > it and the techie guys I have spoken to are equally in the dark.
> > >
> > > Any suggestions?
> > >
> > > Rgds
> > >
> > > John
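
One way to generate and check a security id like the one in point 4 of Dirk's message, shown as an added example that is not from the thread or from Dirk's site. It assumes an HMAC-signed id and a key shared between the DMZ web server and the back end; the function names, the key and the user name are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: the DMZ web server and the back-end request handler share this key
// out of band. A constructed key is generated here so the file runs stand-alone.
$sharedKey = random_bytes(32);

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Called by the web server after a successful logon (hypothetical helper).
function issueSecurityId(string $user, string $key, int $now, int $ttl = 900): string {
    $payload = b64url(json_encode([
        'u'   => $user,
        'exp' => $now + $ttl,
        'n'   => bin2hex(random_bytes(16)),  // CSPRNG nonce: ids are unique and unguessable
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $key, true));
}

// Called on the back end for every request; returns the user, or null to reject.
function verifySecurityId(?string $id, string $key, int $now): ?string {
    if ($id === null || substr_count($id, '.') !== 1) {
        return null;                         // missing or malformed id
    }
    [$payload, $sig] = explode('.', $id);
    $expected = b64url(hash_hmac('sha256', $payload, $key, true));
    if (!hash_equals($expected, $sig)) {     // constant-time comparison
        return null;                         // forged or altered id
    }
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || !is_string($claims['u'] ?? null)
        || !is_int($claims['exp'] ?? null) || $claims['exp'] < $now) {
        return null;                         // undecodable or expired id
    }
    return $claims['u'];
}

$now = time();
$id  = issueSecurityId('constructed-user', $sharedKey, $now);
var_dump(verifySecurityId($id, $sharedKey, $now));         // case: valid id
var_dump(verifySecurityId(null, $sharedKey, $now));        // case: no id supplied
var_dump(verifySecurityId($id . 'x', $sharedKey, $now));   // case: altered signature
var_dump(verifySecurityId($id, $sharedKey, $now + 3600));  // case: past expiry
```

Because the id is signed, the back end can reject requests without calling back to the web server, and the expiry limits how long a captured id stays usable.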
