ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvmonitortriggerprog.htm

83 lines
5.4 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Monitor for use of trigger programs" />
<meta name="abstract" content="This article describes the task, monitor for use of trigger programs, explains why it is important, and provides step-by-step instructions." />
<meta name="description" content="This article describes the task, monitor for use of trigger programs, explains why it is important, and provides step-by-step instructions." />
<meta name="DC.Relation" scheme="URI" content="rzamvdevelopintrusiondetectstrat.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="monitortriggerprog" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Monitor for use of trigger programs</title>
</head>
<body id="monitortriggerprog"><a name="monitortriggerprog"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Monitor for use of trigger programs</h1>
<div><p>This article describes the task, monitor for use of trigger programs,
explains why it is important, and provides step-by-step instructions.</p>
<p>DB2® UDB provides the capability to associate trigger programs with database
files. Trigger-program capability is common across the industry for high-function
database managers. </p>
<p>When you associate a trigger program with a database file, you specify
when the trigger program runs. For example, you can set up the customer order
file to run a trigger program whenever a new record is added to the file.
When the customers outstanding balance exceeds the credit limit, the trigger
program can print a warning letter to the customer and send a message to the
credit manager. </p>
<div class="p">Trigger programs are a productive way both to provide application functions
and to manage information. Trigger programs also provide the ability for someone
with devious intentions to create a “Trojan horse” on your system. A destructive
program may be sitting and waiting to run when a certain event occurs in a
database file on your system.<div class="note"><span class="notetitle">Note:</span> In history, the Trojan horse was a large
hollow wooden horse that was filled with Greek soldiers. After the horse was
introduced within the walls of Troy, the soldiers climbed out of the horse
and fought the Trojans. In the computer world, a program that hides destructive
functions is often called a Trojan horse.</div>
</div>
<p>SECBATCH menu options:</p>
<p>27 to submit immediately 66 to use the job scheduler </p>
<p>When your system ships, the ability to add a trigger program to a database
file is restricted. If you are managing object authority carefully, the typical
user will not have sufficient authority to add a trigger program to a database
file. (Appendix D in the Security Reference book tells the authority that
is required or all commands, including the Add Physical File Trigger (ADDPFTRG)
command. </p>
<p>You can use the Print Trigger Programs (PRTTRGPGM) command to print a list
of all the trigger programs in a specific library or in all libraries.</p>
<p>You can use the initial report as a base to evaluate any trigger programs
that already exist on your system. Then, you can print the changed report
regularly to see whether new trigger programs have been added to your system. </p>
<div class="p">When you evaluate trigger programs, consider the following: <ul><li>Who created the trigger program? You can use the Display Object Description
(DSPOBJD) command to determine this. </li>
<li>What does the program do? You will have to look at the source
program or talk to the program creator to determine this. For example, does
the trigger program check to see who the user is? Perhaps the trigger program
is waiting for a particular user (QSECOFR) in order to gain access to system
resources.</li>
</ul>
After you have established a base of information, you can print the changed
report regularly to monitor new trigger programs that have been added to your
system.</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvdevelopintrusiondetectstrat.htm" title="The following information is a collection of tips to help you detect potential security exposures.">Prevent and detect security exposures</a></div>
</div>
</div>
</body>
</html>