This topic describes security risks to system directories and provides
recommendations for reducing these risks.
Assume that a PC is connected to your server with an IBM® iSeries™ Access
for Windows® session.
The session has set up mapped drives that link to the server's integrated file system.
For example, the PC’s G drive might map to the integrated
file system of the SYSTEM1 server in the network.
Now assume that the same PC user has a browser and can access the Internet.
The user requests a Web page that runs a mischievous "program" such as
a Java™ applet or an Active-X control. Conceivably, the program could
attempt to erase everything on the PC’s G drive.
You have several protections against damage to mapped drives:
- Your most important protection is resource security on your server. The Java applet
or Active-X control looks to the server like the user who established the
PC session. You need to carefully manage what each PC user is authorized
to do on your server.
- Advise your PC users to set their browsers to prevent attempts to access
mapped drives. This works for Java applets but not for Active-X controls.
- Educate your users about the dangers of being connected to your server
and the Internet in the same session. Also, make sure your PC users understand
that drives remain mapped even when the iSeries Access session appears to be
ended.
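
The first and third protections can be checked from the PC itself. The PowerShell script below is an added example, not part of the original IBM topic: it lists the network drives that are still mapped and tests what the logged-on user, whose authority any program on the PC inherits, can do on each. The server name SYSTEM1 comes from the example above; the helper function name and the probe file name are constructed for illustration.

```powershell
# Added example (not IBM code). Run on the PC as the user under review.
param(
    [string]$ServerName = 'SYSTEM1'   # server from the example above; adjust per site
)

function Test-MappedDriveAuthority {   # hypothetical helper name
    param([string]$Root)
    # Create, then delete, one uniquely named empty file. No existing file is touched.
    $probe = Join-Path -Path $Root -ChildPath ("drive-audit-{0}.tmp" -f [guid]::NewGuid())
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
    } catch {
        return 'read-only or no access'
    }
    try {
        Remove-Item -Path $probe -Force -ErrorAction Stop
        return 'create and delete'
    } catch {
        return "create only (probe left at $probe)"
    }
}

# DriveType 4 is a network drive; ProviderName is its \\server\share path.
$current = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 4' |
    ForEach-Object {
        $root = $_.DeviceID + '\'
        $auth = if (Test-Path -Path $root) { Test-MappedDriveAuthority -Root $root } else { 'not reachable' }
        [pscustomobject]@{
            Drive     = $_.DeviceID
            Remote    = $_.ProviderName
            OnServer  = $_.ProviderName -like "\\$ServerName\*"
            Authority = $auth
        }
    }

# Mappings saved under HKCU:\Network are reconnected at every Windows logon.
$persistent = Get-ChildItem -Path 'HKCU:\Network' -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{ Drive = $_.PSChildName + ':'; Remote = $_.GetValue('RemotePath') }
    }

'Currently mapped network drives:'
$current | Format-Table -AutoSize
'Mappings restored at logon:'
$persistent | Format-Table -AutoSize
```

A result of "create and delete" on a drive is the same authority an applet or control running in that user's browser would have, so reduce it with resource security on the server rather than on the PC.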