Re: ODBC Security Concerns

[John Earl <johnearl@xxxxxxxxxx>]

John Cirocco wrote:

<snip>

>  1)  There was a great thread on NEWS400.COM regarding ODBC security
> concerns and was to solve for them.  Since they redid their site I cannot find
> that great discusion.  Did anyone happen to save the details???

I was a participant in that thread, and I'm sure I have some of the details
around.  Paul Conte spokeill of Exit programs in a Newswire (how dare he!  :) 
and I
submitted a rebuttal.  That began a storm
of protest at his attack and NEWS/400 published all of them on theore web site.

Look in the Newswire archives, and if you don't find it there, I'm sure I have 
most
of it in my old
email program.  SDrop me a line and I'll forward what I have.


>  2) Secondly, I would appreciate any details on securing ODBC updates
> from occuring globally.  My concern is not with read access as I understand 
>how
> to solve that issue.  As for update access, I would rather not place a trigger
> on every file that will be open to viewing.

You can prevent OBDC updates by writing or buying exit programs that block all 
of
the various file
update tools.  This includes the SQL and Native Database interfaces.  While 
you're
at it, you may
want to block some other kinds of accesses such as remote command, file 
transfer,
and DDM.  You  must also be sure that you are blocking both the Original as 
well as
the Optimized servers.

Obligatory disclosure.  Our company sells an Exit Point security package.  You 
can
learn more
about it at www.lns400.com.


jte


--
John Earl Lighthouse Software Inc.
8514 71st NW Gig Harbor, WA 98335
253-858-7388 johnearl@lns400.com

Without Lighthouse Network Security/400, your AS/400 is wide open.
--


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---