WebFacing documentation doesn't deal with security
beyond the basics of the user logon (which can be
either prompted or defaulted for each CL invocation).
That makes some sense because security isn't a
"WebFacing" issue in an app server environment. There
are many options AND issues. I've done security
design for iSeries e-business customers and we address
five basic issues:
- Authentication: The user is who they claim to be
- Authorization: The user has access to the right
  application objects
- Availability: The applications are available to the
  user for access
- Privacy: The information is encrypted between the
  server and the user
- Integrity: The information is guaranteed NOT to have
  changed since it was generated on the client or the
  server during transmission
My company, ebt-now, is a WebFacing services provider
so we help customers develop the security solutions
they need specifically for a given environment:
- We can put up a simple security front end that
authenticates a user against a DB2 table or an LDAP
directory server (then you don't have to assign all
remote users an iSeries user profile for instance)
- We set up secure environments using SSL with
WebSphere, WebSphere Express, Tomcat and Apache HTTP
server as needed.