Midrange News for the IBM i Community


Posted by: TFisher
Opening up ports for web services
has no ratings.
Published: 27 Jun 2013
Revised: 28 Jun 2013 - 3808 days ago
Last viewed on: 29 Nov 2023 (4579 views) 

Using IBM i? Need to create Excel, CSV, HTML, JSON, PDF, SPOOL reports? Learn more about the fastest and least expensive tool for the job: SQL iQuery.

Opening up ports for web services Published by: TFisher on 27 Jun 2013 view comments(4)

I have some web services that I have developed for a project and I have deployed them using WebSphere’s deployment tool.  Now I am running into resistance with our security team, who are not very knowledgeable about the iSeries.  They don’t want to open up the necessary ports on the firewall so that our web services can be accessed over the internet.  They claim that once these ports are open that it’s a major security risk.

What are the security risks in doing this?  I am under the impression that Apache will control access and the only thing that can be done is to call our web services.

How is the rest of the iSeries world handling this?

Return to midrangenews.com home page.
Sort Ascend | Descend

COMMENTS

(Sign in to Post a Comment)
Posted by: bobcozzi
Site Admin ****
Chicagoland
Comment on: Opening up ports for web services
Posted: 10 years 5 months 5 days 14 hours 51 minutes ago

We ignore the techies who only know Windows and have FUD as a lifestyle choice, and open them up anyway.

Posted by: TFisher
Premium member *
Comment on: Opening up ports for web services
Posted: 10 years 5 months 5 days 13 hours 23 minutes ago

So you are saying that there isn't much of a risk?

I don't think there is as long as the application is coded well so that the request data will not blow the application up.

Posted by: DaleB
Premium member *
Reading, PA
Comment on: Opening up ports for web services
Posted: 10 years 5 months 4 days 19 hours 9 minutes ago

Unless they have some fly-by-night firewall, they should be able to open the ports to target only your internal IP address. If they're thinking they need to open the ports across the board, you need to find new security guys.

Posted by: TFisher
Premium member *
Comment on: Opening up ports for web services
Posted: 10 years 5 months 4 days 18 hours 10 minutes ago

For the web services we have deployed using the ISW Wizard, we only need one port opened up for all the web services.  The request will come from the internet through the Apache server and into our RPG program.

The only things that I see is if IBM were to have a bug in IWS or in the Apache server or if I have a bug in my program that gives them access to things they shouldn't have access to.

Seems very low risk to me.  I don't see they anyone could use that port for anything else.