<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Security considerations for a distributed relational database" />
<meta name="abstract" content="Part of planning for a distributed relational database involves the decisions you must make about securing distributed data." />
<meta name="description" content="Part of planning for a distributed relational database involves the decisions you must make about securing distributed data." />
<meta name="DC.subject" content="security, planning for, password, encrypted, planning" />
<meta name="keywords" content="security, planning for, password, encrypted, planning" />
<meta name="DC.Relation" scheme="URI" content="rbal1managestrat.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1secure.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rbal1secforadist" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Security considerations for a distributed relational database</title>
</head>
<body id="rbal1secforadist"><a name="rbal1secforadist"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Security considerations for a distributed relational database</h1>
<div><p>Part of planning for a distributed relational database involves
the decisions you must make about securing distributed data. </p>
<div class="section"><p>These decisions include:</p>
<ul><li>What systems should be made accessible to users in other locations and
which users in other locations should have access to those systems.</li>
<li>How tightly controlled access to those systems should be. For example,
should a user password be required when a conversation is started by a remote
user?</li>
<li>Is it required that passwords flow over the wire in encrypted form?</li>
<li>Is it required that a user profile under which a client job runs be mapped
to a different user identification or password based on the name of the relational
database to which you are connecting?</li>
<li>What data should be made accessible to users in other locations and which
users in other locations should have access to that data.</li>
<li>What actions those users should be allowed to take on the data.</li>
<li>Whether authorization to data should be centrally controlled or locally
controlled.</li>
<li>If special precautions should be taken because multiple systems are being
linked. For example, should name translation be used?</li>
</ul>
</div>
<div class="section"><p>When making the previous decisions, consider the following items
when choosing locations:</p>
<ul><li>Physical protection. For example, a location might offer a room with restricted
access.</li>
<li>Level of system security. The level of system security often differs between
locations. The security level of the distributed database is no greater than
the lowest level of security used in the network. <p>All servers connected
by Advanced Program-to-Program Communication (APPC) can do the following things:</p>
<ul><li>If both servers are <span class="keyword">iSeries™ server</span>s,
communicate passwords in encrypted form.</li>
<li>Verify that when one server receives a request to communicate with another
server in the network, the requesting server is actually "who it says it is"
and that it is authorized to communicate with the receiving server.</li>
</ul>
<p>All servers can do the following things:</p>
<ul><li>Pass a user's identification and password from the local server to the
remote server for verification before any remote data access is allowed.</li>
<li>Grant and revoke privileges to access and manipulate SQL objects such
as tables and views.</li>
</ul>
<p>The <span class="keyword">iSeries server</span> includes
security audit functions that allow you to track unauthorized attempts to
access data, as well as to track other events pertinent to security.
The server also provides a function that can prevent all distributed database
access from remote servers. </p>
</li>
<li>Security-related costs. When considering the cost of security, consider
both the cost of buying security-related products and the price of your information
staff's time to perform the following activities: <ul><li>Maintain server identification of remote-data-accessing users at both
local and remote servers.</li>
<li>Coordinate auditing functions between sites.</li>
</ul>
</li>
</ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rbal1managestrat.htm" title="When you are managing a distributed relational database, keep these strategies in mind.">Develop a management strategy for a distributed relational database</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rbal1secure.htm" title="The iSeries server has security elements built into the operating system to limit access to the data resources of an application server. Security options range from simple physical security to full password security coupled with authorization to commands and data objects.">Security</a></div>
</div>
</div>
</body>
</html>