ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaii_5.4.0.1/rzaiiodbc15.htm

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="ODBC program security strategies" />
<meta name="abstract" content="Consider the following ODBC program security strategies." />
<meta name="description" content="Consider the following ODBC program security strategies." />
<meta name="DC.Relation" scheme="URI" content="rzaiiodbc09.htm" />
<meta name="DC.Relation" scheme="URI" content="../db2/rbafzmst02.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiihostserver.htm" />
<meta name="DC.Relation" scheme="URI" content="../books/sc415302.pdf" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiiodbc15" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>ODBC program security strategies</title>
</head>
<body id="rzaiiodbc15"><a name="rzaiiodbc15"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">ODBC program security strategies</h1>
<div><p>Consider the following ODBC program security strategies.</p>
<div class="section"><h4 class="sectiontitle">Restricting program access to the database</h4><p>System
administrators often need to limit access to particular files, to a certain
program, or to sets of programs. A programmer using the character-based interface
would set restrictions by using program-adopted authority. A similar method
can be used with ODBC.</p>
<p>Stored procedures allow ODBC programmers to implement
program-adopted authority. The programmer may not want users to be able to
manipulate database files by using desktop applications such as Microsoft<sup>®</sup> Access
or Lotus<sup>®</sup> 1-2-3<sup>®</sup>.
Instead, the programmer may want to limit database updates to only the programmer's
application. To implement this, user access to the database must be restricted
with object-level security or with user exit programs. The application must
be written to send data requests to the stored procedure and have the stored
procedure update the database.</p>
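<p>The arrangement described above, written out as DB2 for iSeries SQL. This is an added example, not part of the original IBM topic; the names APPDATA.ORDERS, APPLIB.ADD_ORDER and ODBCUSER, the column list and the quantity rule are constructed for illustration.</p>

```sql
-- Added example. APPDATA.ORDERS, APPLIB.ADD_ORDER and ODBCUSER are
-- constructed names; adjust them to the real schema and user profiles.

-- 1. Object-level security: take away direct access to the file, so a
--    desktop ODBC tool signed on as an ordinary user cannot update it.
REVOKE ALL PRIVILEGES ON TABLE APPDATA.ORDERS FROM PUBLIC;

-- 2. The only update path: a procedure that runs with its owner's
--    authority (program-adopted authority). The profile that owns
--    APPLIB.ADD_ORDER must itself be authorized to APPDATA.ORDERS.
CREATE PROCEDURE APPLIB.ADD_ORDER (
    IN P_CUSTOMER_ID INTEGER,
    IN P_ITEM_CODE   CHAR(10),
    IN P_QUANTITY    INTEGER )
  LANGUAGE SQL
  MODIFIES SQL DATA
  -- USRPRF covers static SQL, DYNUSRPRF covers dynamic SQL in the routine.
  SET OPTION USRPRF = *OWNER, DYNUSRPRF = *OWNER
BEGIN
  -- Validate here: the procedure is the only gate in front of the file.
  IF P_QUANTITY IS NULL OR P_QUANTITY NOT BETWEEN 1 AND 1000 THEN
    SIGNAL SQLSTATE '75001'
      SET MESSAGE_TEXT = 'Quantity out of range';
  END IF;

  -- Adoption adds the owner's authority; it does not switch users, so
  -- USER still records the profile that made the ODBC call.
  INSERT INTO APPDATA.ORDERS
         (CUSTOMER_ID, ITEM_CODE, QUANTITY, ENTERED_BY)
  VALUES (P_CUSTOMER_ID, P_ITEM_CODE, P_QUANTITY, USER);
END;

-- 3. Users get authority to call the procedure, and nothing else.
GRANT EXECUTE ON PROCEDURE APPLIB.ADD_ORDER TO ODBCUSER;

-- 4. The application sends its request as a procedure call, for example
--    through the ODBC escape sequence {CALL APPLIB.ADD_ORDER(?, ?, ?)}.
CALL APPLIB.ADD_ORDER(1001, 'WIDGET-01', 5);
```

<p>After these statements, an INSERT or UPDATE against APPDATA.ORDERS issued directly under ODBCUSER fails for lack of authority, while the same change made through the procedure succeeds.</p>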
</div>
<div class="section"><h4 class="sectiontitle">Restrict CPU utilization by user</h4><p>ODBC has greatly
eased the accessibility of iSeries™ data. One negative impact has been that users
may accidentally create very CPU-intensive queries without realizing it. ODBC
runs at an interactive job priority and this can severely affect system performance.
The iSeries supports
a <span class="uicontrol">query governor</span>. ODBC can invoke the query governor
in a stored procedure call (for example, one issued by the PC application), or
the ODBC APIs can invoke the governor by way of the query time-out parameter.
Also, a user exit program can force the query governor on the ODBC job. The
time limit is specified on the QRYTIMLMT parameter of the CHGQRYA CL command.
The query options file (QAQQINI) can also be used to set the value.</p>
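<p>Two of the server-side ways to set the limit, as statements an ODBC connection can send. This is an added example, not part of the original IBM topic; the library name GOVLIB and the 60-second limit are constructed values, and GOVLIB.QAQQINI is assumed to be an existing copy of the query options file.</p>

```sql
-- Added example. GOVLIB and the limit of 60 are constructed values.
-- QRYTIMLMT is given in seconds and is compared with the query's
-- estimated run time.

-- Option 1: a stored procedure call. QSYS.QCMDEXC runs a CL command in
-- the ODBC server job; its second argument is the length of the command
-- string, passed as DECIMAL(15,5).
CALL QSYS.QCMDEXC('CHGQRYA QRYTIMLMT(60)', 0000000021.00000);

-- Option 2: the query options file. Set the limit in the copy of QAQQINI
-- kept in GOVLIB ...
UPDATE GOVLIB.QAQQINI
   SET QQVAL = '60'
 WHERE QQPARM = 'QUERY_TIME_LIMIT';

-- ... and point the job at that library so the options take effect.
CALL QSYS.QCMDEXC('CHGQRYA QRYOPTLIB(GOVLIB)', 0000000025.00000);
```

<p>Because these statements run under the connected user, a limit set this way can be changed again by that user; the user exit program mentioned above is the option that applies the governor regardless of what the client sends.</p>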
<p>The <cite>SQL
Reference</cite> book contains additional information. View an HTML online
version of the book, or print a PDF version, from the DB2 Universal Database™ for iSeries SQL
Reference.</p>
<p>Also see Host server administration for more information.</p>
</div>
<div class="section"><h4 class="sectiontitle">Audit logs (monitoring security)</h4><p>Several logs can
be used to monitor security. QHST, the History Log, contains messages that
relate to security changes that are made to the system. For detailed monitoring
of security-related functions, QAUDJRN can be enabled. The *SECURITY value
logs the following functions:</p>
<ul><li>Changes to object authority</li>
<li>Create, change, delete, display, and restore operations of user profiles</li>
<li>Changes to object ownership</li>
<li>Changes to programs (CHGPGM) that adopt the owner's profile</li>
<li>Changes to system values and network attributes</li>
<li>Changes to subsystem routing</li>
<li>When the QSECOFR password is reset to the shipped value by DST</li>
<li>When the DST security officer password is requested to be defaulted</li>
<li>Changes to the auditing attribute of an object</li>
</ul>
<p>For additional information, see the IBM<sup>®</sup> Security - Reference.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiiodbc09.htm" title="Highlights a few security considerations when working with ODBC, and provides references to more detailed security instructions.">iSeries Access for Windows ODBC security</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzaiihostserver.htm" title="Describes the host servers that are commonly used with iSeries Access for Windows, and describes how to effectively manage and use them.">Host server administration</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="../db2/rbafzmst02.htm">DB2 Universal Database for iSeries SQL Reference</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../books/sc415302.pdf" target="_blank">IBM Security - Reference</a></div>
</div>
</div>
</body>
</html>