This topic explains why you need to consider how remote commands and procedures can be run on your server.
A knowledgeable PC user with software such as iSeries™ Access can run commands on the server without going through the Sign On display. The following are several methods that are available for PC users to run server commands. Your client/server software determines the methods that your PC users have available to them.
- A user can open a DDM file and use the remote command function to run a command.
- Some software, such as iSeries Access optimized clients, provides the remote command function through Distributed Program Call (DPC) APIs, without the use of DDM.
- Some software, such as remote SQL and ODBC, provides a remote command function without either DDM or DPC.
For client/server software that uses DDM for remote command support, you can use the DDMACC network attribute to prevent remote commands completely. For client/server software that uses other server support, you can register exit programs for the server. If you want to allow remote commands, you must make sure that your object authority scheme protects your data adequately. Remote command capability is equivalent to giving a user a command line. In addition, when iSeries receives a remote command through DDM, the system does not enforce the user profiles Limited capability (LMTCPB) setting.