- AES
-
AES is a 128 bit private-key encryption algorithm, considered virtually unbreakable, and endorsed by the U.S. government as the best algorithm to use. It beats out both DES and triple-DES. WebSmart includes functions that let you encrypt any data using AES. This means you can store sensitive data in iSeries database files encrypted with AES (eg. Passwords or credit card numbers). This prevents rogue programmers or power users who may somehow have unauthorized access to database information from hijacking sensitive data from your files.
- Apache Web Server
-
See HTTP server.
- AS400
-
See System i5.
- Client
-
A browser running on a PC or Macintosh. The most popular browser is Microsoft's IE. Other browsers include Netscape, Opera and Mozilla, most of which are available for Windows, Macintosh or Linux operating systems.
- Cookie
-
Persistent data stored on a client via the browser. The data can persist for just the life of an open browser session, or until a specified expiry time. Most browsers provide the ability for the user to set various levels of cookie acceptance (including none at all). Use of cookies by commercial web sites is commonplace. Each cookie is associated with the web site that created it. Browsers contain license key that makes it impossible for any web site to access, modify or recreate a cookie from another site.
- DDS
-
Data description specifications. Used to describe OS/400 files - physicals, logicals, display files and printer files.
- Firewall
-
Software or hardware that controls incoming and outgoing traffic to internal network services such as HTTP (web serving), FTP (file transfer) and email. A firewall serves as the first line of defense to prevent unauthorized access to your network, and to prevent DOS (Denial of Service) attacks. Typically, a network administrator configures the firewall to permit only certain packets of data to enter inside the network. A firewall can be an internet appliance (similar to a router), a PC running firewall software, or software running on an iSeries. Many organizations use a separate piece of hardware so that if the firewall is inundated with outside attacks and subsequently goes down, none of the other servers behind the firewall are affected.
- HTTP server
-
For purposes of this document, the software that provides HTTP transport capabilities for serving web pages. On the iSeries there are two different HTTP Servers that can be installed. The Original HTTP server is the one that was first provided with OS/400, and is based on the CERN HTTP server. The Apache web server is the latest one. It is configurable and runs like the Unix version of the Apache Web Server, which is the most popular web server on the web. The Unix Apache Web Server is Open Source, and covered by the GPL (General Public License). See The Apache Foundation at www.apache.org for more details. The OS/400 version of the Apache Server is not Open Source. Other popular web servers include Microsoft's IIS.
- IFS
-
Integrated File System. The area on the iSeries - i5 which is used to store static stream files such as images, HTML documents, text documents, etc. The structure of the IFS is similar to a Unix or Windows directory structure. You can work with the IFS directly in a green-screen session using commands such as WRKLNK, or through Operations Navigator, or through Client Access. The IFS can be directly accessed as another network drive from your PC by mapping it to a drive letter, just like any other network drive. Files on the IFS are protected via a combination of OS/400 object security and HTTP server directives.
- iSeries
-
See System i5.
- Nexus Web Portal
-
A web portal application built with WebSmart that utilizes the WebSmart WAS. Nexus includes special security features that are integrated into the Original HTTP or Apache Web Servers.
- Original HTTP Server
-
See HTTP server.
- OS/400
-
Operating system used on iSeries and AS/400
- PML
-
The programming language for developing web applications that is integrated into the WebSmart IDE (development tool).
The ProGen Macro Language Editor (PML Editor) gives developers unlimited flexibility relative to the way they want a program to appear and function. PML is similar to RPG in that it has functions for direct record level access. With PML, CSC's developers can access the AS/400 database in a way that RPG programmers are used to. PML also includes several program aids. For example, it prompts for values as you type function names, has pop-up info boxes with names of valid objects that can be specified for various parameters, online help and a syntax checker among others.
- QSYS File System
-
The traditional file system of OS/400 where objects such as programs, physical and logical files are kept. This uses a library system for organization, where libraries are objects stored in a special system library called QSYS, and other objects are stored within those libraries. (In effect, a library is nothing more than a directory of objects). The HTTP server directives are used to prevent unauthorized access to objects in the QSYS File System.
- Server
-
Generally refers to iSeries, AS/400 or i5 - although in the case of SOA and web services, it refers to any web server platform.
- Security Certificate
-
Provided by an independent company such as Verisign (www.verisign.com). It certifies that your web server is a trusted source for serving information, and allows you to implement SSL on your web server.
- Smurf
-
Server-side piece of information, associated with a corresponding Smurfid. Also, similar in concept to cookies, except stored on the server instead of the client. Smurfs provide a mechanism for securely storing unique pieces of data associated with a given user of a web application.
- Smurfid
-
Unique session id that can be generated by WebSmart programming. The session id can be transmitted back and forth between client and server and provides a mechanism for maintaining stateful awareness between them. A smurf id can be 32 digits, or 64 encrypted characters. Values are sufficiently unique and random to be almost impossible to hijack.
- SOA
-
Service Oriented Architecture - the latest buzzword to describe server -to -server communications, often referred to as 'web services'. SOA applications allow the direct exchange of information between servers without human intervention across common protocols (HTTP and HTTPs), generally using industry-standard data formats such as XML documents.
- SSL
-
Secure Socket Layers- encrypted data transport mechanism for sending data back and forth from client (browser) to server (web server). Data is encrypted at the source, transported in encrypted form across the network, then decrypted at the target. Requires installation of a Security Certificate on the server (most modern browsers have SSL support built in). Security Certificates can be purchased from companies such as Verisign www.verisign.com. Most companies that have B2C (Business to Consumer) sites that accept credit card transactions use SSL to ensure financial transactions are secure. See also Security Certificate for more information.
- System i5
-
The next generation of IBM's leading "all-in-one" IT platform for small and mid-size businesses -- the System i5 line -- with major advances to help simplify IT operations. The System i5 line helps small and medium businesses mask the complexity of IT operations, delivers excellent performance, and helps promote solutions innovation with broad application choices across four operating systems. IBM is delivering the System i5 line with its leading POWER5+ processor, a dual-core "system on a chip" that runs at speeds up to 2.2 GHz, and shows up to a 33 percent increase in performance over the current POWER5-based iSeries models.
- Validation List
-
A type of OS/400 object (type is *VLDL) that contains validation list entries. Each entry has a user id and password, in addition to other programmer-customizable information. A validation list can be referenced by an HTTP configuration protection directive. This causes the browser to present a 'challenge' dialog box, asking for user id and password. The user id and password are then processed in the authentication phase of the HTTP server, and checked against the validation list. If a successful match is found, the HTTP server indicates that the user has been successfully authenticated, and it continues on to serve any pages that user is authorized to. If the user id or password or both do not match, the server tells the browser to present the challenge dialog box again, up to a maximum of three (3) times.
- WAS
-
WebSmart Web Application Server - a set of functions utilized in WebSmart-developed applications that help deploy web applications on the iSeries.
- Web Server
-
Synonymous with HTTP server.
- Web Services
-
See SOA.
