51 lines
3.7 KiB
HTML
51 lines
3.7 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="concept" />
|
|
<meta name="DC.Title" content="Considerations for certain passwords being passed as clear text" />
|
|
<meta name="abstract" content="Although iSeries supports the encryption of connection passwords, one of the connection security options you can specify in setting up an RDB directory entry is *USRIDPWD." />
|
|
<meta name="description" content="Although iSeries supports the encryption of connection passwords, one of the connection security options you can specify in setting up an RDB directory entry is *USRIDPWD." />
|
|
<meta name="DC.Relation" scheme="URI" content="rbae5elementtcpip.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 1999, 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1999, 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="rbae5clearpass" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Considerations for certain passwords being passed as clear text</title>
|
|
</head>
|
|
<body id="rbae5clearpass"><a name="rbae5clearpass"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Considerations for certain passwords being passed as clear text</h1>
|
|
<div><p>Although <span class="keyword">iSeries™</span> supports
|
|
the encryption of connection passwords, one of the connection security options
|
|
you can specify in setting up an RDB directory entry is *USRIDPWD.</p>
|
|
<p>See the <span class="cmdname">Add RDB Directory Entry</span> command and the <span class="cmdname">Change
|
|
Relational Database Directory Entry</span> command in Working with the
|
|
relational database directory for more information.</p>
|
|
<p>If the server to which the connection is made allows the *USRIDPWD security
|
|
option, the connection password can flow unencrypted. In V5R3, the SQL SET
|
|
ENCRYPTION PASSWORD statement and the ENCRYPT function can also cause passwords
|
|
to flow over the network unencrypted. Currently, there are two possible solutions
|
|
for encrypting datastreams. One is to use IPSec. As the other possibility,
|
|
if you are using an AR that supports SSL, you can use that protocol to encrypt
|
|
data transmitted to and from an <span class="keyword">iSeries</span> AS.</p>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rbae5elementtcpip.htm" title="DDM and DRDA over native TCP/IP does not use i5/OS communications security services and concepts such as communications devices, modes, secure location attributes, and conversation security levels which are associated with Advanced Program-to-Program Communication (APPC). Therefore, security setup for TCP/IP is quite different.">Elements of security in a TCP/IP network</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |