Security-related restore system values

Restoring programs to your system represents a security exposure.

A restored program may have been altered to perform functions that you do not intend, or the program may adopt the authority of a powerful user profile. These system values work together to determine the action the system takes regarding security-related objects. When preparing for a restore operation, you need to understand how the following security-related restore system values work together to restore objects securely.

Verify object signatures during restore
Force conversion on a restore
Allow restore for security-sensitive objects
Scan objects that are accessed after a restore operation

The verify object signature during restore system value controls the restore of digitally signed objects. Digital signatures provide enhanced integrity protection by ensuring that objects on the system have not been altered and come from a trusted source. This system value verify the signature on these objects by validating that the signer is trusted. If the object passes this system value without errors. The system then checks the value of force conversion on restore system value.

This second system value that the system checks determine whether to force the conversion objects during a restore operation. The force conversion on a restore system value allows you to specify whether or not to convert programs, service programs, SQL packages, and module objects during the restore. It can also prevent some objects from being restored. In addition to this system value, you can specify the Force object conversion (*FRCOBJCVN) parameter when you issue a restore command. Only objects that can get past the first two filters are processed by the third system value.

The allow restore of security-sensitive objects (QALWOBJRST) system value specifies whether or not objects with security-sensitive attributes can be restored.

Verify object on restore
The Verify Object on Restore (QVFYOBJRST) system value determines whether objects are required to have digital signatures in order to be restored to your system.
Force conversion on restore
This system value allows you to specify whether or not to convert some object types during a restore. You can also use it to prevent some objects from being restored.
Allow restore for security-sensitive objects
Three system values, Verify Object on Restore (QVFYOBJRST), Force Conversion on Restore (QFRCCVNRST), and Allow Object Restore (QALWOBJRST), act as a series of filters to determine whether a program is restored without change, whether it is re-created as it is restored, or whether it is not restored to the system.

Parent topic: Plan system security