how to secure iSeries Files from unauthorized SQL & FTP commands from a windows application.

pts.
Tags:
AS/400
Microsoft Windows
Security management
Any ideas on how to lock users out of the capability to run remote ODBC/SQL/FTP commands that update iSeries production data from within a PC application? BPCS security is menu/program specific instead of by file.

Answer Wiki

Thanks. We'll let you know when a new response is added.

I believe what your looking for is a TCP exit program. you can locate the exit programs using the WRKREGINF command. You might want to look at third party product like PowerLock to secure them. Very easy to install and activate.

============================================================

Object-level security is the way to go. I assume you know that because of your “BPCS security” comment.

The next step would be to use iSeries Navigator. Right-click your Connection and select Application Administration. You’ll want to review most things in there. Under the Client Applications tab, you should find how to restrict File Transfer, ODBC, etc., for groups or individuals. Under the Host Applications tab, you should find TCP/IP Utilities with FTP inside.

AppAdmin isn’t perfect. It misses a lot of granularity. But sometimes it’s good enough. There are related APIs if you want programmed control.

Next would be writing some exit programs. If requirements remain simple, the programs can be simple too. That’s a good thing because exit point programming can be sensitive to PTFs, upgrades and even changing LPPs. Some of the details get almost diabolic. And mistakes in your logic can result in opening access wider rather than asserting stronger control. At the worst, you can unintentionally open your system to the world. (“Come on in! No passwords needed!”)

Next would be commercial exit point products. <Disclaimer: I am employed by PowerTech, the company that created PowerLock — now Network Security.>

There are a lot of options, not all of them mentioned yet. But those are the likely directions you’d look.

Tom

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following