<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Common ODBC strategies that are not secure" />
<meta name="abstract" content="Avoid some common ODBC security techniques to ensure your environment is secure." />
<meta name="description" content="Avoid some common ODBC security techniques to ensure your environment is secure." />
<meta name="DC.Relation" scheme="URI" content="rzaiiodbc09.htm" />
<meta name="DC.Relation" scheme="URI" content="../books/sc415302.pdf" />
<meta name="DC.Relation" scheme="URI" content="../books/sc415304.pdf" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiiodbc13" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Common ODBC strategies that are not secure</title>
</head>
<body id="rzaiiodbc13"><a name="rzaiiodbc13"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Common ODBC strategies that are not secure</h1>
<div><p>Avoid some common ODBC security techniques to ensure your environment
is secure.</p>
<p>Sometimes system administrators attempt to secure access to the data, rather
than securing the data itself. This is extremely risky, as it requires that
administrators understand ALL of the methods by which users can access data.
Some common ODBC security techniques to avoid are:</p>
<div class="section"><h4 class="sectiontitle">Command line security</h4><p>This may be useful for a character-based
interface or for 5250 emulation-based applications. However, this method assumes
that if you prevent users from entering commands in a 5250 emulation session,
they can access data only through the programs and menus that the system administrator
provides to them. ODBC and other client interfaces do not go through the 5250
command line, so command line security is never truly secure.
The use of iSeries™ Access
policies and Application Administration improves security, and the use of object
level authority improves it even more.</p>
<p>Potentially, iSeries Access
for Windows<sup>®</sup> policies
can restrict ODBC access to a particular data source that might be read only.
Application Administration in iSeries Navigator can prevent ODBC access.</p>
<p>For
additional information, see the IBM<sup>®</sup> Security - Reference.</p>
</div>
<div class="section"><h4 class="sectiontitle">User exit programs</h4><p>A user exit program allows the
system administrator to secure an IBM-supplied host server program. The iSeries Access
ODBC driver uses the Database host server, whose exit points are QIBM_QZDA_INIT, QIBM_QZDA_NDBx,
and QIBM_QZDA_SQLx. Some ODBC drivers and iSeries Access for Windows data
access methods (such as OLE DB) may use other host servers.</p>
</div>
<div class="section"><h4 class="sectiontitle">Journals</h4><p>Journaling often is used with client/server
applications to provide commitment control. The journals contain detailed
information on every update made to a file that is being journaled. The journal
information can be formatted and queried to return specific information, including:</p>
<ul><li>The user profiles that updated the file</li>
<li>The records that were updated</li>
<li>The type of update</li>
</ul>
<p>Journaling also allows user-defined journal entries. When used with
a user exit program or trigger, this offers a relatively low-overhead method
of maintaining user-defined audits. For further information, see Backup
and Recovery.</p>
</div>
<div class="section"><h4 class="sectiontitle">Data Source Name (DSN) restrictions</h4><p>The iSeries Access
ODBC driver supports two DSN settings that limit access to the database: a read-only
data source setting and a read-call data source setting. Although
not secure, these settings can assist in preventing inadvertent delete and
update operations.</p>
</div>
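<p>The following is an added example, not part of the original IBM topic. It shows the alternative that the topic recommends, securing the data itself with object-level authority, expressed as SQL privileges that the server enforces no matter which interface or DSN setting a client uses. The library <code>PAYLIB</code>, the table <code>EMPLOYEE</code>, and the user profiles <code>RPTUSER</code> and <code>PAYAPP</code> are hypothetical names.</p>

```sql
-- Added example; PAYLIB, EMPLOYEE, RPTUSER and PAYAPP are hypothetical names.

-- 1. Remove the default (public) authority so that no interface
--    (5250 session, ODBC, OLE DB, or any other host server) can reach
--    the table unless a profile has been granted access explicitly.
REVOKE ALL PRIVILEGES ON TABLE PAYLIB.EMPLOYEE FROM PUBLIC;

-- 2. Reporting profile: read access only. This is the server-side
--    equivalent of a read-only DSN, but it cannot be changed from the
--    client because it is checked on the system that holds the data.
GRANT SELECT ON TABLE PAYLIB.EMPLOYEE TO RPTUSER;

-- 3. Application profile: only the operations the application needs.
--    DELETE is deliberately not granted.
GRANT SELECT, INSERT, UPDATE ON TABLE PAYLIB.EMPLOYEE TO PAYAPP;

-- With these privileges in place, a statement such as
--     UPDATE PAYLIB.EMPLOYEE SET SALARY = 0
-- submitted by RPTUSER over ODBC is rejected by the database with an
-- authorization error (SQLSTATE 42501), whether or not the data source
-- was configured as read-only on the client.
```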
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiiodbc09.htm" title="Highlights a few security considerations when working with ODBC, and provides references to more detailed security instructions.">iSeries Access for Windows ODBC security</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../books/sc415302.pdf" target="_blank">iSeries Security - Reference</a></div>
<div><a href="../books/sc415304.pdf" target="_blank">Backup and Recovery</a></div>
</div>
</div>
</body>
</html>