


Dear Ron,
vendor response

There are a number of security issues related to ODBC access to 
the production data on your iSeries.  Those issues include: who has
or will have access through ODBC, who has the authority to start and 
stop the server connections, who can change the server settings, etc.  

Equally important is what authorities to your critical objects will 
the user have once they connect through the server. The security for 
many iSeries software applications grants OS/400 authority to all the 
objects and then internally control who has access to those objects.  
This works well when users sign-on through 5250 emulation. 
However, when users connect through the server the sign-on process 
is not executed in the same way ... even though the request for a 
"valid user ID" suggests that a full sign-on process is executed. 

Here's the implication: a user who does not have access to the item 
master file through 5250 emulation may have OS/400 authority to
replace the item master file through a server connection.

Bill of Health is our security risk assessment tool which looks at 
these issues and many more areas of OS/400 security, gathers specific 
data unique to your system, and produces a comprehensive assessment 
guide with a security plan that explains:

  >> What the security issues are on your system 
  >> Why they represent a security issue 
  >> How to correct the issues found

Here's a sample of the categories of information reviewed: system 
security values, user profiles, exit points, adopted authority, TCP/IP 
issues, object authorities, and more.  Information on Bill of Health, 
including a sample assessment document, can be found at:
   http://www.unbeatenpathintl.com/BOH/source/1.html 

I hope this provides some of the information you are looking for and 
I would welcome the opportunity to answer any questions you may 
have off line.

Warmest Regards,

Dean A. Olson
Director of Software Technology
Unbeaten Path International
(888) 874-8008
(262) 681-3151
dolson@xxxxxxxxxx 
www.unpath.com  




+++++++   +++++++   +++++++   +++++++   +++++++   +++++++
From: ron_adams@xxxxxxxxxxxxxx
To: Midrange Systems Technical Discussion
Sent: Thursday, September 30, 2004 8:57 PM
Subject: Client Access Security

Where is a good place to start looking at Client-level security?
Specifically in the area of ODBC/OLE access.

We are starting to roll out several client based access apps where the
users are going to be using ODBC and the like to access our production
data, and I want to try and head off any security issues.

Ron Adams
Information Technology Group
Crane Valves
9200 New Trails Dr. Suite 200
The Woodlands, TX 77385
Office: 281-298-5463 x104
Direct: 281-465-3054
Cell: 281-216-7721
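
The gap described in the reply above (application menus restrict users over 5250 while the objects themselves carry broad OS/400 authority) can be audited by comparing the two views per user. The following is an added example, not part of either message or of any vendor tool; the library, file and profile names and the authority data are constructed, and the authority lookup is a simplified model that ignores group profiles, authorization lists, adopted authority and *ALLOBJ.

```python
# Simplified model (assumption): effective authority is the user's private
# authority if one exists, otherwise the *PUBLIC authority on the object.
RANK = {"*EXCLUDE": 0, "*USE": 1, "*CHANGE": 2, "*ALL": 3}

# Constructed sample data, not taken from any real system.
OBJECT_AUTHORITIES = {
    "PRODLIB/ITEMMAST": {"*PUBLIC": "*ALL"},
    "PRODLIB/CUSTMAST": {"*PUBLIC": "*EXCLUDE", "APOWNER": "*ALL", "CLERK1": "*USE"},
    "PRODLIB/ORDERS": {"*PUBLIC": "*CHANGE", "CLERK1": "*USE"},
}
# What the application's own menus let each user reach in a 5250 session.
MENU_ACCESS = {
    "CLERK1": {"PRODLIB/ORDERS": "*USE"},
    "BUYER1": {"PRODLIB/ITEMMAST": "*CHANGE"},
}
# Profiles that will be allowed to connect through ODBC (hypothetical).
ODBC_USERS = ["CLERK1", "BUYER1"]


def effective_authority(obj, user):
    """Authority the operating system enforces on a server connection."""
    auths = OBJECT_AUTHORITIES[obj]
    return auths.get(user, auths.get("*PUBLIC", "*EXCLUDE"))


def find_gaps(users=ODBC_USERS):
    """Return (user, object, menu_level, os_level) tuples where object
    authority allows more than the application menu does."""
    gaps = []
    for user in users:
        for obj in sorted(OBJECT_AUTHORITIES):
            menu = MENU_ACCESS.get(user, {}).get(obj, "*EXCLUDE")
            os_level = effective_authority(obj, user)
            if RANK[os_level] > RANK[menu]:
                gaps.append((user, obj, menu, os_level))
    return gaps


if __name__ == "__main__":
    for user, obj, menu, os_level in find_gaps():
        print(f"{user:8} {obj:18} menu={menu:9} object authority={os_level}")
```

Each reported row is a file the user cannot reach, or can only read, through the application, yet can read, change or replace once connected outside it; the CLERK1 / ITEMMAST row is the item master case from the reply.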



