[Info-vax] Using VMS for a web server
Jan-Erik Soderholm
jan-erik.soderholm at telia.com
Tue Jun 9 08:06:00 EDT 2015
Bill Gunshannon skrev den 2015-06-09 13:56:
> In article <ml4q18$o1k$1 at news.albasani.net>,
> Jan-Erik Soderholm <jan-erik.soderholm at telia.com> writes:
>> johnwallace4 at yahoo.co.uk skrev den 2015-06-08 21:06:
>>> On Monday, 8 June 2015 19:40:59 UTC+1, Jan-Erik Soderholm wrote:
>>>> David Froble skrev den 2015-06-08 19:21:
>>>>> Bill Gunshannon wrote:
>>>>>
>>>>>> Exactly. I would never run a webserver on a machine that was intended
>>>>>> to do the data processing for the business.
>>>>>
>>>>> It would depend, but I'd usually agree with this.
>>>>
>>>> David, how many web servers have *you* setup and managed?
>>>> On VMS or on any platform?
>>>>
>>>> There isn't anything magic with a web server, it is just
>>>> another application out there. You can use it and you can
>>>> missuse it as much as you like. Just as any application
>>>
>>> It's not really to do with whether Dave's run a webserver...
>>
>> Dave's "I'll never touch *that*" and "don't run *that* here" attitude
>> has very much to do with inexperience within the actual area.
>>
>> I'have been running web servers on VMS since our MicroVAX 3100/90
>> was the factory main system with great success. And I have no
>> problem putting a web server on any "modern" VMS system today.
>>
>> The usual reaction is, "Oh, can you do *that* with *that* system?".
>>
>> Note, I have no problem that other web service things are run
>> on other servers where that specific web application runs best.
>> (And that is more or less everything else around the web that
>> doesn't have any connection to our VMS applications or data.)
>>
>> It is always a matter of using the right tool from the right toolbox.
>> Sometimes the toolbox as a sign saying "VMS", sometimes the toolbox
>> has some other sign...
>>
>> But saying, "oh, I'd never use *that* tool from *my* VMS toolbox",
>> is simply silly.
>>
>
> Well, I thought the debate was actually about world facing web servers.
> I have single task webservers running on devices. SWAT on a SAMBA box.
> Any Cisco box (although I, personally, don't use them because they
> handcuff the administrator in a fashion I consider unacceptable.)
>
> Our world facing department web server is on a VM and that webserver is
> all it runs. If it needs to access a database it will find it on the
> machine that handles our databases (two of them, one for development and
> another for production. Yes, there is "production" even in academia.)
Our web scripts read the SL database, but it also process logical
names, reads RMS data files and other stuff. This is easy since
the web server process is just another VMS process.
> A number of other specific tasks are single applications on standalone
> boxes (VM's, actually). That to is a part of "DiD", Defense in Depth.
> Compromising a single box should not hand the attacker the keys to the
> entire enterprise.
Of course. No matter what way he takes. I don't see how an web
server stands out here. There are probably simpler ways, if
you realy want to.
>
> bill
>
More information about the Info-vax
mailing list