On 15 October 2014 18:35, Dave Day <[email protected]> wrote:
> The standard port for a HTTP server to listen on is 80. So let's say I
> wanted to have my own address space listen on another port, and I wanted to
> have some javascript running on my desktop use the websockets api to
> establish a connection with my address space. The doc I've been reading
> says the URI is preceded with "WS:" , not "HTTP:", but the rest of it looks
> to be the same.
>
> Is it a big deal from a security standpoint to open up a firewall for this
> type of a connection?
Technically, not at all. Whether it's wise is another matter; you have to take responsibility for whatever is done by anyone who connects to your service, which minimally requires authentication of some sort, and protection of any sensitive data by encryption. You really don't want to roll your own with that stuff; look at the problems very experienced designers have got into over the past year or so. Even if your port is not exposed outside the enterprise, you need to have strong protection. You never know whose VPN'd-from-a-hotel-room laptop may be able to connect to your service.

Politically it varies a lot. We've had customers (big companies) who have quite casually said "oh sure - your product needs port nnnn opened - no problem, I'll call Herb and he'll get it done in a few minutes", to those who require not only a business case with written technical justification from both us as vendor and their own z/OS and network people, but also two weeks lead time with the change control team. I'd say at enterprise customers the latter extreme is closer to "normal" than the former. So if you can at all avoid requiring use of any non-standard port, I'd try to.

BTW, we have some IANA-registered ports. Ten years ago that seemed to impress people; now it quite correctly means nothing to network security folks.

Tony H.
