|
If your customer has written the application or doesn't mind changing
the application program, the best (most robust) solution is to set
*PUBLIC authority of the files to *EXCLUDE (protecting the file from
being accessed through DDM) and changing the application to adopt
authority when accessing the files. The application program owner needs
to be authorized to or own the files. This way, access to the file is
protected not just through DDM, but through all interfaces that might
currently exist and any of the interfaces that might come up in the
future. However, because the owner of the program has sufficient
authority, access is still allowed through the application.
This is the
preferred method over trying to protect these files via exit point
software because, once again, by using object level security, you
protect the file from being accessed from ALL interfaces. If you aren't
familiar with adopted authority or have questions regarding it, you
might check out my Security Patrol article on the subject here.
==================================
MORE INFORMATION ON THIS TOPIC
==================================
The Best Web Links: Tips, tutorials and more.
Search400.com's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Read this Search400.com Featured Topic: Secure your iSeries
|
