Remote PC to AS/400 Communication -- suggestions?
SS
Windows/NT box. We will be needing to communicate back to a remote AS/400
for various information (order information, inventory status, pricing,
freight, etc). We've got several ideas of our own, but I was wondering if
anybody has any suggestions/ideas about the best way to do this, balancing
securiy and performance. We were thinking of putting in a direct connect
connection via TCP/IP and doing sockets (for performance), but I'm
wondering if an SNA connection wouldn't be more secure since it's be a lot
tougher to hack into from a web site.
ANy ideas? Anybody done this yet? Thanks!
Steve
Paul Nicolay
A good idea, offcourse... use the AS/400 to run the webserver.
Unfortunately, there are some uncertaincies about the release of
Net.Commerce on the AS/400 if I'm correct.
As fas as security is concerned, your webserver should be installed in a
DMZ, in which you can control/protect a single sockets opening to the
AS/400. If properly setup, this shouldn't be a problem, and even better
secured than SNA.
Kind regards,
Paul
_______________
SS <steve...@erols.com> wrote in article
<01bdfda6$69bf8700$e7f0...@SteveS.asaint.com>...
The contents of this message express only the sender's opinion.
This message does not necessarily reflect the policy or views of
my employer, Merck & Co., Inc. All responsibility for the statements
made in this Usenet posting resides solely and completely with the
sender.
boo...@ibm.net
In <01bdfda6$69bf8700$e7f0...@SteveS.asaint.com>, on 10/22/98
at 10:27 AM, "SS" <steve...@erols.com> said:
>We're going to be implementing a Web site using Net.Commerce on an
>Windows/NT box. We will be needing to communicate back to a remote
>AS/400 for various information (order information, inventory status,
>pricing, freight, etc). We've got several ideas of our own, but I was
>wondering if anybody has any suggestions/ideas about the best way to do
>this, balancing securiy and performance. We were thinking of putting in
>a direct connect connection via TCP/IP and doing sockets (for
>performance), but I'm wondering if an SNA connection wouldn't be more
>secure since it's be a lot tougher to hack into from a web site.
>ANy ideas? Anybody done this yet? Thanks!
>Steve
--
-----------------------------------------------------------
boo...@ibm.net
Booth Martin
-----------------------------------------------------------
Tom Harding
way to get good information onto your site is to use your real
production system, which scares the bejeezus out of most people for
obvious reasons. There are two general solutions:
- Move the public connection point elsewhere and communicate back
By doing this you will be giving up functionality to a greater or lesser
degree. I have heard IBM suggest using SNA for the link to your
production system. This really gives no added security because a hacker
could hack the public site and then use the SNA link to communicate to
your production system. They also suggest turning it on only part of
the time. This is unacceptable if you really want real-time
information.
- Make your production system secure
In fact, a TCP/IP interface is quite secure in that it exports only the
functions you want to export. If you are not transmitting information
which is in itself valuable (ie credit card numbers) then SSL encryption
is optional but recommended. The place to monitor for abuse is in your
production system through usage patterns of your customers. A good
firewall is absolutely essential and as a pure security measure it is
far preferable to complicating and slowing down the application with
extra machines and middleware layers. Since any host open to the public
(as in the scenario above) could get hacked and thus provide a route to
your production system, you are going to have to do this anyway.
Tom Harding
ThinLink Solutions - AS/400 Internet Commerce
http://www.thinlink.com
email is tomh