Security
Levels
This section describes how security
features can be implemented at various levels.
Default Security
The HTML server identifies the client
by a mechanism similar to cookies: it encodes in the Web page a special
key which allows tracing. This
key is encoded so that duplicating it in another browser will not allow
a second connection to the application server.
The following figure shows the default
security architecture of the Web deployment software when a Dynamic 4GL
application is running on the Web.

In this figure:
- The application server is on a
secured network, and can access the Internet.
- The web server is on a secured
service network.
- The router can either be on the
secured service network or on a third, unsecured network.
- The system is usually both designed
and administered by the System or Network administrator.
- The firewall is optional.
- Your application server and your
web server can reside on the same machine.
Each runner process spawned by the
application server has a unique random number. This number is used to make
a link between each page the application server serves to the web server.
Additional Security
The following features can be used
to add additional security to your application architecture.
SSL
Using a secure socket layer (SSL)
between the Internet browser and the web server facilitates a secure data
flow.
Recommendations
for Enhancing Security
The following recommendations
can enhance the security of your applications.
Using a Filtering
Router
Disabling port 6500 (the standard
application service port) or the effective application server communication
port on the router will automatically disable access to the application
server.
Normal transactions on port 80 (standard
HTTP service port) will still be allowed, which allows the user's browser
to have access to the web server documents.
Using a Firewall
A firewall will allow only the web
server to communicate with the application server. All
requests from other hosts to the application server will be stopped by the
firewall.
|