|
It does work over https to load the page, however, IBM didn't create the
view with an https:// URL, it's an http:// URL. I suppose we could
recreate the view, however, I'm not enamored with the idea of changing base
system tools. I'll see what the concern is tomorrow.
Coy Krill
Core Processing Administrator/Analyst
Washington Trust Bank
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Charles Wilt
Sent: Wednesday, October 21, 2015 12:58
To: Midrange Systems Technical Discussion
Subject: Re: systools. group_ptf_currency Secuirty Concern Responses
Importance: Low
A couple thoughts
- you can access that doc via https if you wish.
- looks like the GETHTTP<xxx> functions (used by group_ptf_currency())
support the use of a proxy
Look at page 22 (pdf 25) of this doc
https://www-304.ibm.com/partnerworld/wps/servlet/download/DownloadServlet?id=k4ixw2TAAIwiPCA$cnt&attachmentName=accessing_web_services_using_ibm_db2_for_i_udfs_and_udtfs.pdf&token=MTQ0NTQ1NzMzNzA0MA==&locale=en_ALL_ZZ
HTH,
Charles
On Wed, Oct 21, 2015 at 3:36 PM, Krill, Coy <CKrill@xxxxxxxxxxx> wrote:
They opened port 80 on the firewall so that the SQL view in IBM i canabout that originally.
consume an xml document at www-912.ibm.com. Generally they are
preventing any server, particularly ones with customer data from being
able to access anything on the internet directly. We have it open to
connect to ECS but that's over HTTPS and VPN, so there was less concern
We have the same AD and Websense stuff going on and often have tonotify
reboot as well to get access restored even on the local network.
Coy Krill
Core Processing Administrator/Analyst
Washington Trust Bank
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
rob@xxxxxxxxx
Sent: Wednesday, October 21, 2015 04:32
To: Midrange Systems Technical Discussion
Subject: RE: systools. group_ptf_currency Secuirty Concern Responses
Importance: Low
Exactly what did they have to open on the internet? Did you just have
to open access to port 80 from your IBM i? Or did you have to allow
certain ports from the internet to get to your IBM i? I'm pretty sure
that you only have to allow your IBM i to get to port 80. Because all
of our IBM i lpars can use this new function and very few of them have
any access TO them FROM the internet. Do they restrict who can get to
the internet by IP address and stuff to limit time wasting and stuff?
Here, we have a setting in Windows Active Directory which says whether
or not a user can use the internet for http. Those who do access the
internet for http have all traffic monitored (and restricted) by
WebSense. In general they block porn, gambling and sites known to be
hacks. Sometimes it goes crazy and I have to reboot my PC.
Sometimes I have to get permission to access a site which I know to be
valid but is blocked for some reason by WebSense. Perhaps this is
just your companies process. Rarely, if ever, am I denied.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: "Krill, Coy" <CKrill@xxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx
Date: 10/20/2015 05:29 PM
Subject: RE: systools. group_ptf_currency Secuirty Concern
Responses
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
Ordering PTFS via SNDPTFORD goes over a VPN or other secure channel to
IBM. IBM has the request for the systools view go out of regular
internet channels. We get our CUM packages from our main software
vendor as they vet them for their software and add additional PTFs
when necessary for their software to work. I generally order the Java,
HTTP, Security and HIPER group packages monthly (and sometimes others
depending on the situation). I was looking at using the systools view
to have an easily accessible tool that can tell me what I can order
that I don't already have installed or waiting to apply. I don't
generally compare individual PTFs, just the groups.
Coy Krill
Core Processing Administrator/Analyst
Washington Trust Bank
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Jack Kingsley
Sent: Tuesday, October 20, 2015 12:34
To: Midrange Systems Technical Discussion
Subject: Re: systools. group_ptf_currency Secuirty Concern Responses
Importance: Low
How are you downloading and installing fixes. Do you have to remote
query IBM to do your local compare for PTF's.
On Tue, Oct 20, 2015 at 3:04 PM, Krill, Coy <CKrill@xxxxxxxxxxx> wrote:
I had our network folks open the firewall so that our Production,month.
Test and DR machines could access
http://www-912.ibm.com/s_dir/sline003.nsf/PSPbyNumL.xml?OpenView&cou
nt
=500 and have the systools.group_ptf_currency view work
properly.I've now been requested to meet with our security folks
regarding this request.
I assume that they are going to have security concerns and are
potentially looking to block this site again. Has anyone had to
respond to any inquiries from security or auditors regarding loading
the xml table from IBM? It seems pretty innocuous to me, but perhaps
I'm missing something larger but in any case I'd like to be prepared
to assuage any security concerns as I would really like to use this
view rather than having to compare a 5250 screen to a webpage every
--
Coy Krill
Core Processing Administrator/Analyst Washington Trust Bank
---------------------------------------------------------------------
This electronic mail message and any attachments may contain
confidential or privileged information and is intended for use solely
by the above-referenced recipient. Any review, copying, printing,
disclosure, distribution, or other use by any other person or entity
is strictly prohibited under applicable law. If you are not the named
recipient, or believe you have received this message in error, please
immediately notify the sender by replying to this message and delete
the copy you received
---------------------------------------------------------------------
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.
---------------------------------------------------------------------
This electronic mail message and any attachments may contain confidential
or privileged information and is intended for use solely by the
above-referenced recipient. Any review, copying, printing, disclosure,
distribution, or other use by any other person or entity is strictly
prohibited under applicable law. If you are not the named recipient, or
believe you have received this message in error, please immediately
the sender by replying to this message and delete the copy you receivedlist
---------------------------------------------------------------------
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxxnotify
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
---------------------------------------------------------------------
This electronic mail message and any attachments may contain confidential
or privileged information and is intended for use solely by the
above-referenced recipient. Any review, copying, printing, disclosure,
distribution, or other use by any other person or entity is strictly
prohibited under applicable law. If you are not the named recipient, or
believe you have received this message in error, please immediately
the sender by replying to this message and delete the copy you receivedlist
---------------------------------------------------------------------
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxx--
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
---------------------------------------------------------------------
This electronic mail message and any attachments may contain confidential
or privileged information and is intended for use solely by the
above-referenced recipient. Any review, copying, printing, disclosure,
distribution, or other use by any other person or entity is strictly
prohibited under applicable law. If you are not the named recipient, or
believe you have received this message in error, please immediately notify
the sender by replying to this message and delete the copy you received
---------------------------------------------------------------------
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.