Hans,
We have several customers which do business over the Internet using
web applications, accessing their HPe3000-based information. Instead
of using a web server on the 3000, they access their data via an ODBC
driver. In this case, the only access of the 3000 is from the
customers web servers, and only on the ODBC ports. That is easily
locked down via a firewall.
On the other hand, there is no reason (technically that is :) that
your customer's web-bureau can't write their application such that
"it" is the one making the actual Apache http request of the
3000 instead of simply referring to it in the HTML. In other
words, instead of writing an HTML page referencing the perl script
on the 3000 (i.e. <a href="http://hp3000/somescript.pl">), they
could reference another web-bureau based page which itself
initiates the perl script query and simply returns the results
of that query to the requesting user. The technique to do that
depends on what the web-bureau is using (we normally use MacroMedia's
Cold Fusion application server, and in that case it would be
the <CFHTTP> tag that gets the remote web page results). The
benefit in doing it that way is that you again know that the
only legitimate (outside) accessor of the Apache web server
on the 3000 is from the web-bureau's web servers (you can
even change the port(s) used as well), so you can use a firewall
to block all other access.
Regards,
Michael L Gueterman
Easy Does It Technologies
http://www.editcorp.com
voice: 888.858.EDIT -or- 573.368.5478
fax: 573.368.5479
--
-----Original Message-----
From: HP-3000 Systems Discussion [mailto:[log in to unmask]]On
Behalf Of Hans-Ole Kaae, ScanConsult
Sent: Friday, August 22, 2003 3:30 AM
To: [log in to unmask]
Subject: [HP3000-L] Web-access to the 3000 - help, please
Hello fellow Listers,
We have a problem re. web-access to HP e3000. I suppose many of
you have ‘been there, done that’ - and I hope you have a few hints to
throw this way…
We have an application on the e3000, well-protected behind the
firewall etc. Now we want to open up for web-inquiries to this
application. However, more parties are involved in this project: A web-
bureau, hosting our customer’s website (from where the inquiries are
initiated) – the customer (with the HP e3000) and us
(developing/maintaining the primary application).
When an inquiry is initiated, the end-user goes to the web-site,
maintained by the web-bureau - enters the information and sends the
request to the Apache web-server on the HP e3000. We then handle
the request on the 3000 and return the appropriate answer to the
requestor, using Perl cgi-scripts.
In theory (and in the wind-tunnel) this works ok – however, there is a
security-issue. The people at the web-bureau claims, that every user
must have access to the Apache web-server on the 3000 – not just
their web-server itself. Opening up for any ip-adress of course
compromises security - so this solution is out of the question.
My question is: Having ‘outsiders’ accessing data on the 3000 from the
web must be a pretty common task these days. I really would like to
learn a little on how this is implemented - keeping the security very
high.
Thanks in advance!
/With kind regards Hans-Ole Kaae, ScanConsult.
www.scanconsult.dk
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
