Implementing FTP and ODBC security on the iSeries 400

I am in the process of implementing FTP and ODBC security on the iSeries 400. What best practice recommendations do you have for accomplishing this? Are exit programs the best way?

Once you want to use FTP and ODBC, you will first have to examine your object-level security to see if your implementation is sufficient to prevent unwanted downloads and uploads of critical data. Users who have *CHANGE authority to a file can download it, modify it and then upload it back to the iSeries. Users who have *USE authority to a file can download that file. While *USE sounds safe enough, you typically don't want users downloading your HR data, customer list, etc. In my experience, it is very, very rare that a company's object-level security is sufficient to secure FTP and ODBC.

So now your option for securing FTP and ODBC is exit programs. The next decision to make is whether you are going to write your own exit programs or buy a software package that provides this support. Exit program formats are documented by IBM, but the formats vary from server to server. FTP is pretty straightforward, but ODBC is particularly complex.

Some companies have successfully written and implemented their own exit programs, but most leave that up to a third-party software vendor. Many of those who wrote them initially get tired of maintaining them from release to release, or want to do more complex operations or secure more servers, and end up buying a third-party application.
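To make the FTP case concrete, here is a small FTP server request-validation exit program in CL, added as an illustration and not taken from the original answer or from any vendor product. It assumes IBM's documented exit point QIBM_QTMF_SERVER_REQ with format VLRQ0100 and a release that provides the %UPPER and %SCAN built-ins; the library HRLIB, the profile FTPADMIN and the program name SECLIB/FTPREQCHK are hypothetical.

```cl
/* Added example. Register, then restart the FTP server:              */
/*   ADDEXITPGM EXITPNT(QIBM_QTMF_SERVER_REQ) FORMAT(VLRQ0100) +      */
/*              PGMNBR(1) PGM(SECLIB/FTPREQCHK)                       */
/* HRLIB, FTPADMIN and SECLIB/FTPREQCHK are hypothetical names.       */
PGM        PARM(&APPID &OPID &USRPRF &RMTIP &RMTIPLEN +
                &OPINFO &OPINFOLEN &ALLOW)

DCL        VAR(&APPID)     TYPE(*INT)  LEN(4)  /* 1 = FTP server      */
DCL        VAR(&OPID)      TYPE(*INT)  LEN(4)  /* requested operation */
DCL        VAR(&USRPRF)    TYPE(*CHAR) LEN(10) /* session user        */
DCL        VAR(&RMTIP)     TYPE(*CHAR) LEN(45) /* client address      */
DCL        VAR(&RMTIPLEN)  TYPE(*INT)  LEN(4)
DCL        VAR(&OPINFO)    TYPE(*CHAR) LEN(512) /* path or command    */
DCL        VAR(&OPINFOLEN) TYPE(*INT)  LEN(4)
DCL        VAR(&ALLOW)     TYPE(*INT)  LEN(4)  /* output: decision    */
DCL        VAR(&PATH)      TYPE(*CHAR) LEN(512)
DCL        VAR(&POS)       TYPE(*INT)  LEN(4)

/* Fail closed: any unexpected error rejects the request.             */
MONMSG     MSGID(CPF0000 MCH0000) EXEC(GOTO CMDLBL(DENY))

CHGVAR     VAR(&ALLOW) VALUE(1)            /* 1 = allow this request  */

/* Operation 9 = execute CL command over FTP: refuse for everyone.    */
IF         COND(&OPID *EQ 9) THEN(GOTO CMDLBL(DENY))

/* Only file operations are checked below:                            */
/* 5 = delete, 6 = send (download), 7 = receive (upload), 8 = rename. */
/* Everything else falls through to normal object-level authority.    */
IF         COND(&OPID *LT 5 *OR &OPID *GT 8) THEN(RETURN)
IF         COND(&OPINFOLEN *LE 0) THEN(RETURN)
IF         COND(&OPINFOLEN *GT 512) THEN(GOTO CMDLBL(DENY))

/* Use only the bytes the server actually passed, then fold case.     */
CHGVAR     VAR(&PATH) VALUE(%SST(&OPINFO 1 &OPINFOLEN))
CHGVAR     VAR(&PATH) VALUE(%UPPER(&PATH))

/* The file name arrives as an absolute path, so a library match is   */
/* a substring test on /QSYS.LIB/<library>.LIB/.                      */
CHGVAR     VAR(&POS) VALUE(%SCAN('/QSYS.LIB/HRLIB.LIB/' &PATH))
IF         COND(&POS *GT 0 *AND &USRPRF *NE 'FTPADMIN') +
             THEN(GOTO CMDLBL(DENY))
RETURN

DENY:      CHGVAR     VAR(&ALLOW) VALUE(0) /* 0 = reject this request */
ENDPGM
```

This check covers FTP only; ODBC requests go through different exit points with their own parameter formats, so they need a separate program.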

