User guide
OLTP Function
1-19
OLTP Function
The OLTP function can be used with the following products:
• Interstage Application Server Enterprise Edition
• Interstage Application Server Standard Edition
• Interstage Application Server Plus
This section gives an overview of the threats posed by invasion of security in a general OLTP
application.
Generally, an OLTP application performs operations with a CORBA client program. This client program
is executed sometimes as an independent CORBA client program and sometimes as an applet in a Web
browser. Although it is usual to place the CORBA client program in an intranet area, a Web server
("HTTP Tunneling") acts as an intermediary to enable it to run if it is placed in an Internet area. This
Web server is generally located in the Demilitarized Zone (DMZ) so that accesses to Internet and
intranet areas go through a firewall.
Resources to be Protected
This section describes the resources to be protected when a general OLTP application is used.
Functions to be Protected
The following functions and procedures should be protected:
• User authentication
• Invocation of the CORBA application
• Invocation of the transaction application
• Access to Naming Service
• Access to Interface Repository
• Access to the load balance
• Interstage environment setup
• Registration and deletion of the WorkUnit definition