User guide

OLTP Function
1-19
OLTP Function
The OLTP function can be used with the following products:
Interstage Application Server Enterprise Edition
Interstage Application Server Standard Edition
Interstage Application Server Plus
This section gives an overview of the threats posed by invasion of security in a general OLTP
application.
Generally, an OLTP application performs operations with a CORBA client program. This client program
is executed sometimes as an independent CORBA client program and sometimes as an applet in a Web
browser. Although it is usual to place the CORBA client program in an intranet area, a Web server
("HTTP Tunneling") acts as an intermediary to enable it to run if it is placed in an Internet area. This
Web server is generally located in the Demilitarized Zone (DMZ) so that accesses to Internet and
intranet areas go through a firewall.
Resources to be Protected
This section describes the resources to be protected when a general OLTP application is used.
Functions to be Protected
The following functions and procedures should be protected:
User authentication
Invocation of the CORBA application
Invocation of the transaction application
Access to Naming Service
Access to Interface Repository
Access to the load balance
Interstage environment setup
Registration and deletion of the WorkUnit definition