ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvresprotectserver.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Protect the server from remote commands and procedures" />
<meta name="abstract" content="This topic explains why you need to consider how remote commands and procedures can be run on your server." />
<meta name="description" content="This topic explains why you need to consider how remote commands and procedures can be run on your server." />
<meta name="DC.Relation" scheme="URI" content="rzamvsecstation.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="resprotectserver" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Protect the server from remote commands and procedures</title>
</head>
<body id="resprotectserver"><a name="resprotectserver"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Protect the server from remote commands and procedures</h1>
<div><p>This topic explains why you need to consider how remote commands and procedures can be run on your server.</p>
<div class="p">A knowledgeable PC user with software such as iSeries™ Access can run commands on the server without going through the Sign On display. The following are several methods that are available for PC users to run server commands. Your client/server software determines the methods that your PC users have available to them.<ul><li>A user can open a DDM file and use the remote command function to run a command.</li>
<li>Some software, such as iSeries Access optimized clients, provides the remote command function through Distributed Program Call (DPC) APIs, without the use of DDM.</li>
<li>Some software, such as remote SQL and ODBC, provides a remote command function without either DDM or DPC.</li>
</ul>
For client/server software that uses DDM for remote command support, you can use the DDMACC network attribute to prevent remote commands completely. For client/server software that uses other server support, you can register exit programs for the server. If you want to allow remote commands, you must make sure that your object authority scheme protects your data adequately. Remote command capability is equivalent to giving a user a command line. In addition, when iSeries receives a remote command through DDM, the system does not enforce the user profiles Limited capability (LMTCPB) setting.</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvsecstation.htm" title="After you secure printer output, you should secure your workstations. You authorize workstations just like you authorize other objects on the system. Use the EDTOBJAUT command to give users authority to workstations.">Secure your workstations</a></div>
</div>
</div>
</body>
</html>