friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14ed2849c6
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvsecurityexit.htm

127 lines
7.5 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Use security exit programs" />
<meta name="abstract" content="Some system functions provide an exit so that your system can run a user-created program to perform additional checking and validation. For example, you can set up your system to run an exit program every time that someone attempts to open a DDM (distributed data management) file on your system." />
<meta name="description" content="Some system functions provide an exit so that your system can run a user-created program to perform additional checking and validation. For example, you can set up your system to run an exit program every time that someone attempts to open a DDM (distributed data management) file on your system." />
<meta name="DC.Relation" scheme="URI" content="rzamvmanagesec.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="securityexit" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Use security exit programs</title>
</head>
<body id="securityexit"><a name="securityexit"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Use security exit programs</h1>
<div><p>Some system functions provide an exit so that your system can run
a user-created program to perform additional checking and validation. For
example, you can set up your system to run an exit program every time that
someone attempts to open a DDM (distributed data management) file on your
system. </p>
<div class="section"><h4 class="sectiontitle">Sources of Sample Exit Programs</h4>You can use the registration
function to specify exit programs that run under certain conditions. The following
table provides a list of these exit programs and sources for example programs.
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Sources of Sample Exit Programs</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e25">Type of exit programs</th>
<th valign="bottom" id="d0e27">Purpose</th>
<th valign="bottom" id="d0e29">Where to find examples</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e25 ">Password validation</td>
<td valign="top" headers="d0e27 ">The QPWDVLDPGM system value can specify a program name
or indicate that validation programs registered for the QIBM_QSY_VLD_PASSWRD
exit point be used to check a new password for additional requirements that
are not handled by the QPWDxxx system values. The use of this program should
be carefully monitored because it receives unencrypted passwords. This program
should not store passwords in a file or pass them to another program.</td>
<td valign="top" headers="d0e29 "><ul><li>An Implementation Guide for iSeries™ Security and Auditing, GG244200 </li>
<li>iSeries Security
Reference, SC41-5302-07</li>
</ul>
</td>
</tr>
<tr><td valign="top" headers="d0e25 ">PC Support/400 or Client Access access<sup>1</sup></td>
<td valign="top" headers="d0e27 ">You can specify this program name in the Client request
access (PCSACC) parameter of the network attributes to control the following
functions:<ul><li>Virtual printer function</li>
<li>File transfer function v Shared folders Type 2 function</li>
<li>Client access message function</li>
<li>Data queues</li>
<li>Remote SQL function</li>
</ul>
</td>
<td valign="top" headers="d0e29 ">An Implementation Guide for iSeries Security and Auditing, GG244200</td>
</tr>
<tr><td valign="top" headers="d0e25 ">Distributed Data Management (DDM) access</td>
<td valign="top" headers="d0e27 ">You can specify this program name in the DDM request
access (DDMACC) parameter of the network attributes to control the following
functions:<ul><li>Shared folders Type 0 and 1 function</li>
<li>Submit Remote Command function</li>
</ul>
</td>
<td valign="top" headers="d0e29 ">An Implementation Guide for iSeries Security and Auditing, GG244200</td>
</tr>
<tr><td valign="top" headers="d0e25 ">Remote sign on</td>
<td valign="top" headers="d0e27 ">You can specify a program in the QRMTSIGN system value
to control what users can be automatically signed on from which locations
(pass-through.)</td>
<td valign="top" headers="d0e29 ">An Implementation Guide for iSeries Security and Auditing, GG244200</td>
</tr>
<tr><td valign="top" headers="d0e25 ">Open Database Connectivity (ODBC) with iSeries Access<sup>1</sup></td>
<td valign="top" headers="d0e27 ">Control the following functions of ODBC:<ul><li>Whether ODBC is allowed at all.</li>
<li>What functions are allowed for iSeries database files.</li>
<li>What SQL statements are allowed.</li>
<li>What information can be retrieved about database server objects.</li>
<li>What SQL catalog functions are allowed.</li>
</ul>
</td>
<td valign="top" headers="d0e29 ">None available</td>
</tr>
<tr><td valign="top" headers="d0e25 ">QSYSMSG break handling program</td>
<td valign="top" headers="d0e27 ">You can create a program to monitor the QSYSMSG message
queue and take appropriate action (such as notifying the security administrator)
depending on the type of message.</td>
<td valign="top" headers="d0e29 ">An Implementation Guide for iSeries Security and Auditing, GG244200</td>
</tr>
<tr><td valign="top" headers="d0e25 ">TCP/IP</td>
<td valign="top" headers="d0e27 ">Several TCP/IP servers (such as FTP, TFTP, TELNET, and
REXEC) provide exit points. You can add exit programs to handle log-on and
to validate user requests, such as requests to get or put a specific file.
You can also use these exits to provide anonymous FTP on your system.</td>
<td valign="top" headers="d0e29 ">TCP/IP User Exits in the iSeries System API Reference book</td>
</tr>
<tr><td valign="top" headers="d0e25 ">User profile changes</td>
<td valign="top" headers="d0e27 ">You can create exit programs for the following user
profile commands: CHGUSRPRF CRTUSRPRF DLTUSRPRF RSTUSRPRF</td>
<td valign="top" headers="d0e29 "><ul><li>iSeries Security
Reference, SC41-5302-07 </li>
<li>TCP/IP User Exits in the iSeries System API Reference book</li>
</ul>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvmanagesec.htm" title="Once you've planned and implemented your security strategy, there remains the task of managing the security of your system.">Manage security</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink