Re: Security Exit point monitoring -- MIDRANGE-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

On Thu, May 27, 2010 at 6:08 AM, John Earl <john.earl@xxxxxxxxxxxxxx> wrote:

If I understand your question correctly, then the answer is,
unfortunately, no. There is no way for the IBM i side Exit Program to
know anything about which client side program initiated a remote SQL
access attempt. The i side just knows that it received a remote SQL
request, it can see the SQL string along with some basic identifying
information about he job on the i (User name, etc.). The i side exit
program can also find other information on the i about the job such as
IP address, group profile membership, LMTCPB status, etc, but there is
nothing in the data string passed that would identify any information
about the client side program that launched the request in the first
place.

Actually, that's not quite true anymore...

With 6.1, IBM added some special registers,:
CURRENT CLIENT_ACCTNG
CURRENT CLIENT_APPLNAME
CURRENT CLIENT_PROGRAMID
CURRENT CLIENT_USERID
CURRENT CLIENT_WRKSTNNAME

Granted you have to modify your client applications to pass the values
along, but you could do so then restrict the activities allowed by
connections, such as those from Excel, that have blanks for the
current values.

Charles

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.