Boss says -
Then, after that, you still have AS/400 built-in security to protect your data and other resources. How often do you use FTP to your AS/400? When you do, do you start the FTP server, use FTP, then end the FTP server? That's what you SHOULD do, but I'd venture a guess that the majority of people don't. Next, try Telnetting into your FTP port. You'll be amazed to find that not only is it available, but it's extremely helpful. I won't go into detail, but it's an extremely dangerous feature, and all but unknown to AS/400 programmers. However, it's STANDARD in the non-AS/400 world to do just that. Now all "they" need is a user ID and password; and guess what? They may be able to get that with a decent packet sniffer, once they're on your network. Of course, with the "sniff" and "son of sniff" programs, we all know that AS/400 passwords aren't as secure as we thought they were. Anyway, all I'm saying is that an AS/400 is not a "secure" web server. It's reasonably secure, but not anything close to completely secure. Nor is a simple firewall. Before you make a blanket statement that it's okay to use a production AS/400 as a web server, you may want to first understand what data is on that AS/400 and how sensitive it is. Joe http://www.java400.net http://www.edeployment.com http://www.plutabrothers.com
Then, after that, you still have AS/400 built-in security to protect your data and other resources. How often do you use FTP to your AS/400? When you do, do you start the FTP server, use FTP, then end the FTP server? That's what you SHOULD do, but I'd venture a guess that the majority of people don't. Next, try Telnetting into your FTP port. You'll be amazed to find that not only is it available, but it's extremely helpful. I won't go into detail, but it's an extremely dangerous feature, and all but unknown to AS/400 programmers. However, it's STANDARD in the non-AS/400 world to do just that. Now all "they" need is a user ID and password; and guess what? They may be able to get that with a decent packet sniffer, once they're on your network. Of course, with the "sniff" and "son of sniff" programs, we all know that AS/400 passwords aren't as secure as we thought they were. Anyway, all I'm saying is that an AS/400 is not a "secure" web server. It's reasonably secure, but not anything close to completely secure. Nor is a simple firewall. Before you make a blanket statement that it's okay to use a production AS/400 as a web server, you may want to first understand what data is on that AS/400 and how sensitive it is. Joe http://www.java400.net http://www.edeployment.com http://www.plutabrothers.com
Comment