Manage Learn to apply best practices and optimize your operations.

Securing applications

I have an application on the iSeries that can either be accessed via green screen or by Web access using the HTTP server. I have individual user profiles for all users.

If a user accesses the application via the green screen, the UPPSOD previous sign-on date: YYMMDD field is updated with the user's last sign on date. If a user accesses the application via the web, the UPPSOD field is not updated. I run queries over the user profile file to determine who is using their IDs and who isn't and deactivate accordingly. With this field being left blank, the assumption is that the user isn't using their ID. I found out the hard way that this isn't always the case.

I called IBM support about this problem, but the only thing they could suggest was to check the daily HTTP audit logs to see if the user has signed in. I may have 10-100 users to check for a given period, so this isn't a workable option. This is a very serious security issue for me and any advice will be appreciated.
I would try looking at the Last Used Date of the profiles. This is one of the fields that the OS/400 Analyze Profile Activity function looks at (it also looks at the creation date, restoration date and last sign on date.) The last sign on date is only updated when the user actually signs on the system using a sign on screen. However, interfaces such as the Web server and FTP use an interface that will cause the Last Used Date to be updated. The Last Used Date is also updated when a user signs on so this field should give you an accurate representation of which profiles are truly "inactive."


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.