Epicor REST outside the domain

So the way we chose to do it was to expose a middleware service which tightly restricts which data / service endpoints are accessible and how.
Granted, this was before Access Scope was available; we also chose to ONLY expose the BAQ/UBAQ and (now available) Functions endpoints.

The regular BO endpoint we chose to keep private. (IMO Too much RISK)

This way we can tightly regulate exactly what is available on the DMZ and to whom. We whitelist the BAQs we want available and match them up with assigned keys for each vendor/resource (à la Access Scope).

Again, using regular Access Scope will probably solve most of these issues, but we really didn’t want to expose the BOs at all (a bit paranoid perhaps).

This is re-inventing the wheel, and I’m not saying my wheel is better than Epicor’s, but we wanted to be able to tightly restrict the data access, and in the event of someone being suuuper determined we didn’t want to expose our app server directly in the DMZ.

By exposing this facade, even via brute forcing they shouldn’t be able to access anything beyond the very limited whitelisted BAQs/UBAQs we expose.

I shared some of this here before

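The authorization core of a facade like the one described above, as an added example (not the poster's middleware or any Epicor code): each vendor key maps to the BAQs/UBAQs and HTTP verbs it may use, and anything that is not a whitelisted BAQ request, including any BO service path, is denied before it ever reaches the app server. The `/api/v1/BaqSvc/{name}/` route shape, the key values and the vendor registry are constructed assumptions.

```python
"""DMZ facade allowlist decision for Epicor REST (added example, assumptions noted)."""
import hashlib
import re
from dataclasses import dataclass
from typing import Optional

def _key_id(api_key: str) -> str:
    # Store only a digest of each vendor key so a leaked registry does not leak credentials.
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()

# Constructed sample registry: vendor key digest -> allowed BAQ names and verbs.
# A plain BAQ is read-only (GET); a UBAQ may also accept an update verb.
VENDORS = {
    _key_id("vendorA-demo-key"): {"name": "VendorA",
                                  "baqs": {"VendorA_OpenPOs": {"GET"}}},
    _key_id("vendorB-demo-key"): {"name": "VendorB",
                                  "baqs": {"VendorB_Shipments": {"GET"},
                                           "VendorB_UpdASN": {"GET", "PATCH"}}},
}

# Assumed route shape of the BAQ service; everything else (Erp.BO.*, Ice.BO.*, ...) is rejected.
BAQ_PATH = re.compile(r"^/api/v1/BaqSvc/([A-Za-z0-9_\-]+)/?$")

@dataclass
class Decision:
    allowed: bool
    reason: str
    vendor: Optional[str] = None
    baq: Optional[str] = None

def authorize(api_key: str, method: str, path: str) -> Decision:
    """Decide whether the facade may forward this request to the private app server."""
    vendor = VENDORS.get(_key_id(api_key))
    if vendor is None:
        # Unknown or guessed key: no hint about which BAQs exist.
        return Decision(False, "unknown key")
    match = BAQ_PATH.match(path)
    if match is None:
        # A valid key still cannot reach BO or any non-BAQ endpoint through the facade.
        return Decision(False, "path is not a BAQ endpoint", vendor["name"])
    baq = match.group(1)
    verbs = vendor["baqs"].get(baq)
    if verbs is None:
        return Decision(False, "BAQ not whitelisted for this vendor", vendor["name"], baq)
    if method.upper() not in verbs:
        return Decision(False, "method not permitted on this BAQ", vendor["name"], baq)
    return Decision(True, "forward to app server", vendor["name"], baq)

if __name__ == "__main__":
    print(authorize("vendorA-demo-key", "GET", "/api/v1/BaqSvc/VendorA_OpenPOs/"))
    print(authorize("vendorA-demo-key", "GET", "/api/v1/Erp.BO.CustomerSvc/Customers"))
```

Logging every denied `Decision` with its reason gives the facade a useful detection feed: a run of "unknown key" or "path is not a BAQ endpoint" results from one source is exactly the brute forcing the post anticipates.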