[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Question about HTTPS



Hi Charles,

My thought was that they are spell-checking a document with some degree 
of confidentiality (the health care or financial stuff you mentioned 
would be examples.)  In that situation, I would require the institution 
running the web service to sign a confidentiality agreement of some 
sort, promising that proper security/confidentiality is observed.

If the concern is that the web service could somehow be used to 
compromise the system's security, then it seems to me that the HTTP 
server you're connecting to (the web service) is the only one who could 
exploit any security hole that is found. After all, it's not a server, 
it's a client, so you control who you connect to. The security exposure 
is entirely limited to whomever that is.


On 4/12/2012 9:19 AM, Charles Wilt wrote:
> Why would the web service need to be "secure" if all you're sending it
> is a word to be spell checked?
>
> Now, if the web service were providing Credit Card authorization...I
> could understand the need for it to be secure..
>
> Perhaps you're spell checking health care or financial documents that
> include personally identifiable information??
>
> In any case, Scott's right that's a question the web service provider
> must answer.
>
> If on the other hand, you're asking if using web services opens up
> your i then that question should be answered by your network admin.
> If he/she is reasonably competent the answer should be no; as your
> firewall should only allow inbound packets that are in direct response
> to an outbound packet.  You don't need to open any holes in you
> firewall to consume a web service like you would if you were hosting a
> web service on your i.
>
> HTH,
> Charles
>
>
> On Tue, Apr 10, 2012 at 10:17 AM, Ernie Gaudes
> <egaudes@xxxxxxxxxxxxxxxxx>  wrote:
>>    Hello,
>>
>>
>>    I attended the NEUGU conference last week and came back with all kinds
>>    of good stuff. One that I found useful was the API HTTP open source.
>>    Using this and a little help from one of the handouts from the
>>    conference I was able to write a RPGLE program that consumed a web
>>    service from the net. This web service is free and will spell check a
>>    word or text. At this time I have an application in our ERP system
>>    where this would be very helpful. I had a discussion about this web
>>    service with our network manager and he had concerns about security. I
>>    see that the API supports HTTP and HTTPS. How can I ensure that the
>>    HTTPS is being used and how can I convince our manager that the web
>>    service is secure?
>>
>>
>>    Ernie Gaudes
>>
>>    Littleton Coin Co
>>
>>    Littleton NH
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------