× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2005

RE: security vs sox question

Dennis - please feel free to look at our solution DetectIT (www.safestone.com) 
which will help you move towards compliance.  As you will see we have provided 
a number of tools which cover a wide-variety of security issues on the iSeries, 
including the one you mention.

Good luck!

Regards 

Martin A Norman 
Technical Services
SafeStone Technologies 
mnorman@xxxxxxxxxxxxxxxx 
1-800-558-3544 

This email and/or attachments are privileged and confidential and intended 
solely for the addressee. If you are not the intended recipient, please notify 
us immediately. Disclosure, distribution or copying of this email other than by 
the addressee is strictly prohibited. The company does not warrant that the 
information is free of a virus or any other defect that may affect the 
recipient's computer system and it is your responsibility to scan attachments 
(if any).

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] 
On Behalf Of Denis Robitaille
Sent: Friday, November 04, 2005 2:06 PM
To: midrange-l@xxxxxxxxxxxx
Subject: security vs sox question

Hello all,
As many of you, we are going trough the process to get certified for Sarbane 
oxley.
Our setup is ok for "green screen" program. We use adopted autority so that, by 
themselve, the user do not have access to any files but the programs do. This 
way, our data can only be modified from our written and approved programs (no 
DFU or client access upload or dynamic SQL ...).
But I wonder how to properly secure access for VB, Java, c# or any 
client/server programs that do not run on the Iseries. Since those program do 
not run on the Iseries, we can not use adopted autority. So we must grant more 
right to the user profil. But i we do so, we can not stop a user from using any 
program on his PC to access the data on the Iseries. 
I checked and the ODBC exit program can not know the name of the program that 
uses the connection, thus I can not validate the program that way.
On the information center, they proposed the use of stored procedure with 
adopted autority. But what is stoping a user from calling those stored 
procedure from a home made program?
We are looking at the use of swapp profile to increase security, but this is 
complex and not bullet proof.
I am looking to hear from other as to how they handle that need of 
securing/controling access to Iseries data in client/server mode.
Thanks in advance.
Denis Robitaille
Directeur services technique TI
819 363 6130
SUPPORT
Jour (EST) Daytime : 819-363-6134
En-dehors des heures (EST) After hour : 819-363-6158
Network Status : 819-363-6157

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.