Is this for an inside-your-enterprise-firewalls-only sort of application or is there any possibility it will end up exposed to the World Wild Web?
Other than the obvious (validating your user and so forth) you need, I believe, to consider the possibility of Denial of Service attacks. Be very careful about buffer overflows and similar considerations, especially before you have validated your user.

Charles

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Dave Day
Sent: Wednesday, October 15, 2014 3:35 PM
To: [email protected]
Subject: TCP/IP Port question vis-a-vis firewalls and such on z/OS using Websockets

The standard port for a HTTP server to listen on is 80. So let's say I wanted to have my own address space listen on another port, and I wanted to have some javascript running on my desktop use the websockets api to establish a connection with my address space. The doc I've been reading says the URI is preceded with "WS:", not "HTTP:", but the rest of it looks to be the same.

Is it a big deal from a security standpoint to open up a firewall for this type of a connection? The z/OS address space listening on the port will process and return data specific to the application running on the desktop, and will discard anything that isn't formatted according to its own internal data formats. Will probably pass JSON buffers back and forth.

I'm exploring this as an alternative to implementing a browser to HTTP server. If I use that, I've got to write the CGI program, connect to the same address space, get the data, format the JSON buffer, then write the new web page back to the HTTP server, which then eventually gets back to the browser on the desktop. Seems like the websockets approach is a whole lot cleaner, and more efficient.

Has anyone been down this path? Would there be security issues with this approach?
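The buffer-overflow and denial-of-service concern raised in the reply applies first to the WebSocket frame header, which a listener has to parse before it knows anything about the sender. The following is an added example, not code from either poster: a bounds-checked RFC 6455 header parser in C that rejects oversized or malformed frames before any payload buffer is sized. The function name `ws_parse_header`, the struct, and the `max_payload` cap are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define WS_NEED_MORE 0
#define WS_REJECT    (-1)

struct ws_hdr {               /* hypothetical result struct for this example */
    uint8_t  fin, opcode;
    uint64_t payload_len;
    uint8_t  mask[4];
};

/* Parse one RFC 6455 frame header from buf[0..n). Returns the header size in
 * bytes, WS_NEED_MORE if the header is still incomplete, or WS_REJECT if the
 * connection should be dropped. max_payload is the listener's own cap (an
 * assumption here), checked before the caller allocates or copies anything. */
int ws_parse_header(const uint8_t *buf, size_t n, uint64_t max_payload,
                    struct ws_hdr *out)
{
    if (n < 2) return WS_NEED_MORE;
    if (buf[0] & 0x70) return WS_REJECT;      /* RSV bits set, no extension negotiated */
    if (!(buf[1] & 0x80)) return WS_REJECT;   /* client-to-server frames must be masked */

    out->fin = buf[0] >> 7;
    out->opcode = buf[0] & 0x0F;
    uint64_t len = buf[1] & 0x7F;
    size_t off = 2;

    if (len == 126) {                         /* 16-bit extended length */
        if (n < 4) return WS_NEED_MORE;
        len = ((uint64_t)buf[2] << 8) | buf[3];
        if (len < 126) return WS_REJECT;      /* non-minimal encoding */
        off = 4;
    } else if (len == 127) {                  /* 64-bit extended length */
        if (n < 10) return WS_NEED_MORE;
        len = 0;
        for (int i = 0; i < 8; i++) len = (len << 8) | buf[2 + i];
        if ((len >> 63) || len <= 0xFFFF) return WS_REJECT;
        off = 10;
    }
    /* Control frames (close, ping, pong) are at most 125 bytes, unfragmented. */
    if ((out->opcode & 0x08) && (len > 125 || !out->fin)) return WS_REJECT;
    if (len > max_payload) return WS_REJECT;  /* attacker-chosen length, capped */
    if (n < off + 4) return WS_NEED_MORE;     /* masking key not yet received */

    memcpy(out->mask, buf + off, 4);
    out->payload_len = len;
    return (int)(off + 4);
}
```

The caller should also bound how long it waits on a WS_NEED_MORE result, so a peer that never completes a header cannot hold the connection open indefinitely.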
