Using IBM i? Need to create Excel, CSV, HTML, JSON, PDF, SPOOL reports? Learn more about the fastest and least expensive tool for the job: SQL iQuery.
I have some web services that I have developed for a project and I have deployed them using WebSphere’s deployment tool. Now I am running into resistance with our security team, who are not very knowledgeable about the iSeries. They don’t want to open up the necessary ports on the firewall so that our web services can be accessed over the internet. They claim that once these ports are open that it’s a major security risk.
What are the security risks in doing this? I am under the impression that Apache will control access and the only thing that can be done is to call our web services.
How is the rest of the iSeries world handling this?
We ignore the techies who only know Windows and have FUD as a lifestyle choice, and open them up anyway.
So you are saying that there isn't much of a risk?
I don't think there is as long as the application is coded well so that the request data will not blow the application up.
Unless they have some fly-by-night firewall, they should be able to open the ports to target only your internal IP address. If they're thinking they need to open the ports across the board, you need to find new security guys.
For the web services we have deployed using the ISW Wizard, we only need one port opened up for all the web services. The request will come from the internet through the Apache server and into our RPG program.
The only things that I see is if IBM were to have a bug in IWS or in the Apache server or if I have a bug in my program that gives them access to things they shouldn't have access to.
Seems very low risk to me. I don't see they anyone could use that port for anything else.