Boss says -
In the security sessions I attended at COMMON, the common thread (no pun intended) was to secure your production data from TCP/IP access. By making secure production data accessible through DDM to an AS/400 with TCP/IP access, you have in effect given TCP/IP access to the production data. The idea of having the web server AS/400 is to provide a demilitarized zone where no production data is accessible through regular file access, but instead only through controlled server programs not accessible through TCP/IP.

FWIW, the idea of locking TCP/IP access from host systems is where banks were 4 years ago. Since then the pervasiveness of IP-based solutions means that IP has become enabled and the banks are no longer insisting on SNA gateways. So a web server or application server will sit in the demilitarised zone and access the Host through a firewall. The firewall is configured to allow specific IP ports from specific IP addresses. So I can't see why the same can't be applied to DDM, or configure the DDM session to be SNA.

David