1. The way RJS Software sets up the web server prevents web users from browsing iSeries directories. This means they cannot access files in your IFS or iSeries libraries.
  2. You can give WebDocs iSeries its own web instance if you need to isolate the process.
  3. You can run the WebDocs iSeries website on a TCP/IP port other than port 80 for added security, if required. Hackers usually scan for port 80.
  4. You can set up SSL (Secured Sockets) on the iSeries for additional web security, if required. 
  5. This prevents web users from having direct access to any IFS directories other than the read-only images directory for the website. RJS Software's CGI program DOC100R in the RJSIMAGE library controls all other access. 
  6. This prevents users from being able to log in to the iSeries, since WebDocs iSeries does not use regular iSeries security. WebDocs iSeries has its own security. As long as you don't give users an iSeries ID or 5250 access, they cannot access the iSeries other than using WebDocs iSeries. 
  7. Users can only call a single program. DOC100R is the only program users can call as a URL.
  8. Users do not have any sort of 5250 sign-on or command-calling capability, so they can only call DOC100R. 
  9. WebDocs iSeries uses special iSeries web server user IDs, QTMHHTP1 and QTMHHTTP, in the background. This means that you can limit authority of any iSeries objects these two user IDs can access on the iSeries, if needed. 
  10. If you have a firewall in place, you can limit TCP/IP port access to port 80 or any other port you choose on the iSeries. This means that the iSeries can only run the instance of the web server and the program call to DOC100R. The firewall blocks all FTP, 5250, or other access. 
  11. If your locations will be accessing the web server from the internet, you can use a VPN. This adds a layer of security because the users connect to VPN before accessing WebDocs iSeries. 
  12. If you need extra security, IBM recommends that you use a small 170 or 270 system as the web server. 

While exposing any server (Windows 2000, Linux, Unix, and so on) to the internet includes some level of risk, the iSeries web server is probably the most secure web server RJS Software has worked with. Also, hackers are less likely to attack it, since they usually don't have access to iSeries systems.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: December 10, 2016