Secure access to internal data resources is facilitated through a gateway CGI on an internet visible computer system with an internet visible web server configured by rules to forward calls to the gateway CGI. The gateway CGI packages information from the call to send by secure socket connection to a server-like access control program on a secure host system which can reconstitute the call if authenticated and/or validated and serve the request, returning the sought after data or resource through an encrypted channel if desired. Variations for high throughput environments and operation with application program session controllers are described.