There are some issues with tunnelling and hosting the webserver and servlets in the DMZ. 1. Tunnelling only creates a HOLE. It solves the problem of your application working inspite of the firewall, but creates a security problem. The correct security solution -- which does require use of DMZ -- implements 'a first class security solution' of each of the protocols being used. The correct way to do this is to create still another zone within a DMZ which is sacrificial, and host your APPLICATION web server and servlets there. 2. The protocol from the servlet to your intranet -- which your application server is hosted -- should ideally be proxied. Hope that helps. R Robert Patrick wrote: > > Hi Jeff, > > At 09:48 PM 8/18/99 -0700, you wrote: > > > > <stuff deleted> > > > >If I want to reuse some of the EJB services that I created previously, > >what would be the suggested config? Is it possible to have a Java > >client and use JNDI/EJB through a DMZ? I assume that callbacks would > >not be permitted which would disallow the use of such things as JMS. Is > >this correct? Does anyone know if Weblogic has a solution for this? I > >know that Sun's JDK does HTTP tunneling. Does Weblogic's RMI do the > >same thing and how does this apply to EJB? > > WebLogic supports http/https tunneling. > > >I am leaning towards an HTML client and use servlets/JSP. It sounds as > >if there is too many problems with RMI through the firewall. Although I > >would like a more stateful client for my customers. Also I am not sure > >if the JNDI lookup would work because the Weblogic URL is t3://.... > >which does not have the http protocol in it. The web server / servlet > >engine in the DMZ can either process the request or act as a proxy > >through the inner firewall. > > If you change the URL from t3://... to http://..., you will be tunneling > your requests but this will not solve the problem of getting through both > firewalls. I would highly recommend the WebServer (and servlet engine) in > the DMZ approach. > > Just my two cents, > Robert > > =========================================================================== > To unsubscribe, send email to [EMAIL PROTECTED] and include in the body > of the message "signoff EJB-INTEREST". For general help, send email to > [EMAIL PROTECTED] and include in the body of the message "help".
begin:vcard n:Arora;Rajeev x-mozilla-html:FALSE org:Systemsmiths (www.systemsmiths.com.au) version:2.1 email;internet:[EMAIL PROTECTED] title:Principal tel;fax:+61 3 9803-2133 tel;work:+61 3 9803-2133 adr;quoted-printable:;;3 Clarinda Court=0D=0AVermont South;Melbourne;Victoria;3133;Australia x-mozilla-cpt:;0 fn:Rajeev Arora end:vcard
