Dear experts,
I have some questions about the best practices, for security and performance reasons, in the development of web services.
Imagine a customer who accesses SAP Portal to execute some published services. This client is a person who does not belong to the staff of the company.
The IT architecture of the company includes an internal network where the back-ends reside, one DMZ where one SAP Portal resides, and a second DMZ that filters connections from the external network (the Internet, for example).
If we look at this scenario from a security standpoint, we have external users who can access SAP Portal to consume web services, and then, if the Portal's web services are developed in the back-end, this external user accesses internal network resources to paint the HTML view and to get data from the back-ends.
The questions are:
Is this a real security risk for the company? Is it a good practice to develop this page in the DMZ with another development tool, for example .NET? If we do this development in the DMZ with only one back-end service call to bring the data, this data is then painted with .NET.
In this case this SAP Portal supports all invocations of web services to the back-ends and paints all HTML views. Is this a good practice for performance?
Thanks and regards, David Sánchez.