friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6290434003
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvrestoresysvalplan.htm

80 lines
5.5 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Security-related restore system values" />
<meta name="abstract" content="Restoring programs to your system represents a security exposure." />
<meta name="description" content="Restoring programs to your system represents a security exposure." />
<meta name="DC.Relation" scheme="URI" content="rzamvplansyslvlsec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvqvryobjrst.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvqfrccvnrst.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvqalwobjrst.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="restoresysvalplan" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Security-related restore system values</title>
</head>
<body id="restoresysvalplan"><a name="restoresysvalplan"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Security-related restore system values</h1>
<div><p>Restoring programs to your system represents a security exposure.</p>
<div class="p"> A restored program may have been altered to perform functions that you
do not intend, or the program may adopt the authority of a powerful user profile.
These system values work together to determine the action the system takes
regarding security-related objects. When preparing for a restore operation,
you need to understand how the following security-related restore system values
work together to restore objects securely. <ul><li>Verify object signatures during restore</li>
<li>Force conversion on a restore</li>
<li>Allow restore for security-sensitive objects</li>
<li>Scan objects that are accessed after a restore operation</li>
</ul>
</div>
<p>The verify object signature during restore system value controls the restore
of digitally signed objects. Digital signatures provide enhanced integrity
protection by ensuring that objects on the system have not been altered and
come from a trusted source. This system value verify the signature on these
objects by validating that the signer is trusted. If the object passes this
system value without errors. The system then checks the value of force conversion
on restore system value.</p>
<p> This second system value that the system checks determine whether to force
the conversion objects during a restore operation. The force conversion on
a restore system value allows you to specify whether or not to convert programs,
service programs, SQL packages, and module objects during the restore. It
can also prevent some objects from being restored. In addition to this system
value, you can specify the Force object conversion (*FRCOBJCVN) parameter
when you issue a restore command. Only objects that can get past the first
two filters are processed by the third system value. </p>
<p>The allow restore of security-sensitive objects (QALWOBJRST) system value
specifies whether or not objects with security-sensitive attributes can be
restored. </p>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzamvqvryobjrst.htm">Verify object on restore</a></strong><br />
The Verify Object on Restore (QVFYOBJRST) system value determines whether objects are required to have digital signatures in order to be restored to your system.</li>
<li class="ulchildlink"><strong><a href="rzamvqfrccvnrst.htm">Force conversion on restore</a></strong><br />
This system value allows you to specify whether or not to convert some object types during a restore. You can also use it to prevent some objects from being restored.</li>
<li class="ulchildlink"><strong><a href="rzamvqalwobjrst.htm">Allow restore for security-sensitive objects</a></strong><br />
Three system values, Verify Object on Restore (QVFYOBJRST), Force Conversion on Restore (QFRCCVNRST), and Allow Object Restore (QALWOBJRST), act as a series of filters to determine whether a program is restored without change, whether it is re-created as it is restored, or whether it is not restored to the system.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplansyslvlsec.htm" title="System security entails controlling user access and their privileges, maintaining information integrity, monitoring processes and access, auditing system functions, and providing backup and recovery of security related information.">Plan system security</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink