There are some issues with tunnelling and hosting the webserver and
servlets in the DMZ.

1. Tunnelling only creates a HOLE.  It solves the problem of your
application working in spite of the firewall, but creates a security
problem.  The correct security solution -- which does require use of DMZ
-- implements 'a first class security solution' of each of the protocols
being used.  The correct way to do this is to create still another zone
within a DMZ which is sacrificial, and host your APPLICATION web server
and servlets there.

2. The protocol from the servlet to your intranet -- where your
application server is hosted -- should ideally be proxied.

Hope that helps.

R

Robert Patrick wrote:
>
> Hi Jeff,
>
> At 09:48 PM 8/18/99 -0700, you wrote:
> >
> > <stuff deleted>
> >
> >If I want to reuse some of the EJB services that I created previously,
> >what would be the suggested config?  Is it possible to have a Java
> >client and use JNDI/EJB through a DMZ?  I assume that callbacks would
> >not be permitted which would disallow the use of such things as JMS.  Is
> >this correct?  Does anyone know if Weblogic has a solution for this?  I
> >know that Sun's JDK does HTTP tunneling.  Does Weblogic's RMI do the
> >same thing and how does this apply to EJB?
>
> WebLogic supports http/https tunneling.
>
> >I am leaning towards an HTML client and use servlets/JSP.  It sounds as
> >if there are too many problems with RMI through the firewall.  Although I
> >would like a more stateful client for my customers.  Also I am not sure
> >if the JNDI lookup would work because the Weblogic URL is t3://....
> >which does not have the http protocol in it.  The web server / servlet
> >engine in the DMZ can either process the request or act as a proxy
> >through the inner firewall.
>
> If you change the URL from t3://... to http://..., you will be tunneling
> your requests but this will not solve the problem of getting through both
> firewalls.  I would highly recommend the WebServer (and servlet engine) in
> the DMZ approach.
>
> Just my two cents,
> Robert
>
