ibm-information-center/dist/eclipse/plugins/i5OS.ic.ddm_5.4.0.1/rbae5clearpass.htm

51 lines
3.7 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Considerations for certain passwords being passed as clear text" />
<meta name="abstract" content="Although iSeries supports the encryption of connection passwords, one of the connection security options you can specify in setting up an RDB directory entry is *USRIDPWD." />
<meta name="description" content="Although iSeries supports the encryption of connection passwords, one of the connection security options you can specify in setting up an RDB directory entry is *USRIDPWD." />
<meta name="DC.Relation" scheme="URI" content="rbae5elementtcpip.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rbae5clearpass" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Considerations for certain passwords being passed as clear text</title>
</head>
<body id="rbae5clearpass"><a name="rbae5clearpass"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Considerations for certain passwords being passed as clear text</h1>
<div><p>Although <span class="keyword">iSeries™</span> supports
the encryption of connection passwords, one of the connection security options
you can specify in setting up an RDB directory entry is *USRIDPWD.</p>
<p>See the <span class="cmdname">Add RDB Directory Entry</span> command and the <span class="cmdname">Change
Relational Database Directory Entry</span> command in Working with the
relational database directory for more information.</p>
<p>If the server to which the connection is made allows the *USRIDPWD security
option, the connection password can flow unencrypted. In V5R3, the SQL SET
ENCRYPTION PASSWORD statement and the ENCRYPT function can also cause passwords
to flow over the network unencrypted. Currently, there are two possible solutions
for encrypting datastreams. One is to use IPSec. As the other possibility,
if you are using an AR that supports SSL, you can use that protocol to encrypt
data transmitted to and from an <span class="keyword">iSeries</span> AS.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rbae5elementtcpip.htm" title="DDM and DRDA over native TCP/IP does not use i5/OS communications security services and concepts such as communications devices, modes, secure location attributes, and conversation security levels which are associated with Advanced Program-to-Program Communication (APPC). Therefore, security setup for TCP/IP is quite different.">Elements of security in a TCP/IP network</a></div>
</div>
</div>
</body>
</html>