Hello Antoon,

At this time I use a separate server (just a PC). Besides security 
this has some other advantages. 
- Internet users never come to the local net. So much more reduced 
traffic over the routers.
- Use the best tools available to build websites. (Currently we are 
testing the use of iframes for smooth surfing.) Personally I don't even 
know how to write HTML.
- Complete separation of logic and code. 
- PHP is used to construct the website and its logic.
- Smarty (PHP component) contains all the visible parts (the HTML).
- Entity classes contain the connection to the as/400 (e.g. a 
customer, an order, ...).
- An interface will translate the entities into web requests for the 
as/400.
- On the as/400 these requests will start loading data.
- The as/400 passes back tables with data.
- PHP creates the HTML out of the data and the screens.

Looks complicated but once working, you can write apps very fast. 

The security id is just the job number and timestamp at login time. 
This is passed back and forth between the webserver (a session 
variable) and the as400. The user surfing has completely no 
knowledge of this id. (It is sent between the webserver and as400, 
not the browser.) Additionally we log all requests to the as400 so we 
can trace what logged users do.

Kind regards,
   Dirk

If you want we could discuss this a little more in detail. I'm in 
Antwerp a few days/month.
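
The security-id flow described in this message, as an added example (not code from the thread or from Dirk's site): the id is kept in server-side session state on the DMZ web server, attached to every back-end request, checked and logged by the back end, and never written into the HTML. Class and function names are hypothetical, the credential check is a constructed stand-in, and a random id is swapped in for the job number plus timestamp because those two values can be guessed.

```php
<?php
// Back-end side: stands in for the AS/400 request handler (hypothetical).
final class Backend
{
    private array $sessions = [];   // security id => user
    public array $auditLog = [];    // every request, accepted or rejected

    public function login(string $user, string $password): ?string
    {
        // Constructed credential check, for the demo only.
        if (!hash_equals('demo-password', $password)) {
            return null;
        }
        // Swapped in: random id instead of job number + timestamp.
        $id = bin2hex(random_bytes(16));
        $this->sessions[$id] = $user;
        return $id;
    }

    public function request(?string $id, string $action): array
    {
        $user = ($id !== null && isset($this->sessions[$id]))
            ? $this->sessions[$id] : null;
        $this->auditLog[] = [date('c'), $user ?? 'REJECTED', $action];
        if ($user === null) {
            return ['ok' => false, 'error' => 'no valid security id'];
        }
        // Constructed sample data standing in for a table passed back.
        return ['ok' => true, 'rows' => [['order' => 1001]]];
    }
}

// Web server side (DMZ): the id lives only in server-side session state.
function handlePage(Backend $backend, array &$session, string $action): string
{
    $reply = $backend->request($session['security_id'] ?? null, $action);
    if (!$reply['ok']) {
        return '<p>Please log on first.</p>';
    }
    $items = '';
    foreach ($reply['rows'] as $row) {
        $items .= '<li>Order ' . htmlspecialchars((string) $row['order']) . '</li>';
    }
    return "<ul>$items</ul>";       // the id never appears in the output
}

$backend = new Backend();
$session = [];                      // stands in for $_SESSION
echo handlePage($backend, $session, 'listOrders'), "\n";   // no id yet
$session['security_id'] = $backend->login('demo-user', 'demo-password');
echo handlePage($backend, $session, 'listOrders'), "\n";   // after logon
echo count($backend->auditLog), " requests logged\n";
```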


--- In [email protected], "Antoon van Os" 
<[EMAIL PROTECTED]> wrote:
>
> Dirk,
> Not being familiar with PHP am I correct in understanding that the HTTP
> server runs in the iSeries in the DMZ and also contains the HTML and JS?
> and that you communicate with server programs that run in the protected
> iSeries and work on data in this machine?
> How do you generate the security Id?
> Thanks,
> Antoon
> 
> >From: "DirkHauwaerts" <[EMAIL PROTECTED]>
> >Reply-To: [email protected]
> >To: [email protected]
> >Subject: [Easy400Group] Re: Security
> >Date: Tue, 31 Jan 2006 11:09:30 -0000
> >
> >Hello,
> >
> >Since the security is a very big issue and production data should
> >well be hidden from the internet we use a separate webserver in a
> >dmz zone. It is the webserver that issues the requests to the as400.
> >(All php code). So internet users have completely no idea of the
> >as400 and this makes everything very secure:
> >1. The ip-ranges are different so there is completely no access from
> >the outside world.
> >2. The generated html code contains no links to the as400.
> >3. Even if you could hack the webserver the second firewall will
> >prevent access to the as/400.
> >4. If you log on the website, a security id is generated. Every
> >request to the as400 should contain this id. If not, all requests are
> >rejected. So there isn't even a way of accessing our as400 without
> >passing through the logon screen.
> >
> >Kind regards,
> >   Dirk
> >
> >--- In [email protected], "johnnysidmouth"
> ><[EMAIL PROTECTED]> wrote:
> > >
> > > > Thanks to everyone for your suggestions. I've passed them all on to
> > > > our technical people so hopefully we will have a solution that will
> > > > get around their concerns/issues.
> > >
> > > John
> > >
> > > --- In [email protected], "Warszycki, Stan x36140"
> > > <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > You could set the main web server to execute javascripts instead of
> > > > > directly executing an http link.  The javascripts would contain the
> > > > > links to your iSeries machine.  Store the scripts separately on the
> > > > > server instead of writing them directly in your web page.  That way
> > > > > the link would not be apparent to someone looking at the page source.
> > > > >
> > > > > To be a little safer, you could set up the Apache server on your
> > > > > system to allow access through a separate port instead of the
> > > > > standard one (80).
> > > >
> > > > -----Original Message-----
> > > > > From: [email protected] [mailto:[EMAIL PROTECTED]
> > > > Sent: Monday, January 30, 2006 8:35 AM
> > > > To: [email protected]
> > > > Subject: [Easy400Group] Security
> > > >
> > > >
> > > > Hi
> > > >
> > > > > I am relatively new to CGIDEV2 but I am hugely impressed. In a couple
> > > > > of weeks I have written a brand new web site for us featuring just
> > > > > about all the functionality that we need.
> > > > >
> > > > > However, the technical team are raising the issue of security.
> > > > > Apologies in advance if my terminology is poor/incorrect!!! :-)
> > > > >
> > > > > At the moment the URL that I enter to access our test site accesses
> > > > > our iSeries development machine directly. The techie guys tell me
> > > > > that we will not be able to do this in a live situation. The URL
> > > > > must be on our usual web server which must then "somehow" initiate
> > > > > the relevant processing on the iSeries.
> > > > >
> > > > > To me this should not be an issue but I don't have a clue how to do
> > > > > it and the techie guys I have spoken to are equally in the dark.
> > > > >
> > > > > Any suggestions?
> > > >
> > > > Rgds
> > > >
> > > > John
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > SPONSORED LINKS
> > > > How to format a computer hard drive     Cobol programmer
> > >   Iseries 400
> > > >
> > > > How to format a computer        How to format your computer 
        How
> >to
> > > > format computer
> > > >
> > > >   _____
> > > >
> > > > YAHOO! GROUPS LINKS
> > > >
> > > >
> > > >
> > > > *        Visit your group "Easy400Group
> > > > <http://groups.yahoo.com/group/Easy400Group> " on the web.
> > > >
> > > >
> > > > *        To unsubscribe from this group, send an email to:
> > > >  [EMAIL PROTECTED]
> > > > <mailto:[EMAIL PROTECTED]
> > > subject=Unsubscribe>
> > > >
> > > >
> > > > *        Your use of Yahoo! Groups is subject to the Yahoo! 
Terms of
> > > Service
> > > > <http://docs.yahoo.com/info/terms/> .
> > > >
> > > >
> > > >   _____
> > > >
> > > >
> > > > _
> > > > This message and any attachments are intended only for the 
use
> >of
> > > the addressee and
> > > > may contain information that is privileged and confidential. 
If
> >the
> > > reader of the
> > > > message is not the intended recipient or an authorized
> > > representative of the
> > > > intended recipient, you are hereby notified that any
> >dissemination
> > > of this
> > > > communication is strictly prohibited. If you have received 
this
> > > communication in
> > > > error, please notify us immediately by e-mail and delete the
> > > message and any
> > > > attachments from your system.
> > > >
> > >
> >
> >
> >
> >
> 
> _________________________________________________________________
> Bescherm je Inbox: Phishing - hoe te herkennen, rapporteren en 
voorkomen    
> http://www.msn.be/security/phishing/
>






 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/Easy400Group/

<*> To unsubscribe from this group, send an email to:
    [EMAIL PROTECTED]

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
 


Reply via email to