Once you want to use FTP and ODBC you will have to first examine your object level security to see if your implementation is sufficient to prevent unwanted downloads and uploads of critical data. Users who have *CHANGE authority to a file can download it, modify it and then upload it back to the iSeries. Users who have *USE authority to a file can download that file. While *USE sounds safe enough you typically don't want users downloading your HR data, customer list, etc. In my experience it is very, very rare that a company's object level security is sufficient to secure FTP and ODBC. So now your option for securing FTP and ODBC is exit programs. The next decision to make is whether you are going to write your own exit programs or buy a software package that provides this support. Exit program formats are documented by IBM, but the formats vary from server to server. FTP is pretty straightforward, but ODBC is particularly complex. Some companies have successfully written and implemented their own exit programs, but most leave that up to a third-party software vendor. Many of those who wrote them initially get tired of maintaining them from release to release or want to do more complex operations or secure more servers end up buying a third-party application.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Dig Deeper on iSeries system and application security
Related Q&A from Carol Woodbury
Before changing password levels and upgrading operating systems on the AS/400, ensure the clients connecting to the NetServer do not need the old ... Continue Reading
Look in the audit journal (QAUDJRN) on the AS/400 for an authority failure message with the name of the library as the object name. Use the ... Continue Reading
When error messages arise concerning attempts to use a permanent system object without authority, find the source of the issue by looking for an AF ... Continue Reading