0 votes
108 views
in Portal by
Is it advisable to use the process portal for end users. Will exposing the built in ibm portal cause any security or performance issue?

1 Answer

0 votes
by
selected by
 
Best answer
I have not come across a live web application based on Process Portal facing internet or web published, there have been couple of POCs and Prototypes built but following are the concerns regarding such exposure

1. Security concerns, running a rational appscan or other vulnerability scanners against the Process Portal has revealed significant security vulnerabilities.

2. The security concerns can only be addressed by the web application itself which is a OOB application and since source code is not available cannot be customized.

3. The level of scaling and infrastructure needed will be tremendous if it is has lets say a user base of 1000+ and approx 100+ concurrent usages. I have seen the infrstructure fail at even 100 users and 10+ concurrent users even with four nodes. But there are lot of factors involved and configuration in performance.

4. some of the security concerns can be alleviated by using Cloud based Reverse Proxies and Web Application Firewalls e.g. provided by amazon and cloudflare, but real truth will emerge if AppScan is run outside the WAFs, also some enterprises have sophisticated security gateways which can filter out the security threats also the WAF/OWASP rules will need to be customized to not hinder functionality while ensuring security.

5. Licensing may also be an issue not sure how internet user licensing will work.

6. Features like user provisioning etc may need to be custom built.

7. CDN based delivery of static resources can offload a lot of performance impact though.
 

Other members please pitch in if you have other thoughts etc.

Related questions

0 votes
1 answer 131 views
0 votes
2 answers 202 views
0 votes
1 answer 136 views
0 votes
1 answer 147 views
0 votes
1 answer 60 views
0 votes
1 answer 133 views
0 votes
1 answer 164 views
...