The Host Integration Server SQL traffic passes through the DDMACC exit
point of the AS/400. But that exit point has minimal information and is
called at the initial connection only.
The database server exit points, qibm_qzda_init, ndb1, sql2, roi1, are
not called for what I am guessing is OLE DB access to the AS/400
database.
Are there other exit points I am not aware of? I think the Client
Access .NET provider also uses OLE DB. So going by this little bit
that I know, I can't use exit points to filter out SQL access that
arrives via that route also?
-Steve

Steve:
Not much I can add to this. It looks like you've got a clear picture of
the situation. Only advice I can offer is to take care in allowing those
connections.
--
Tom Liotta
http://zap.to/tl400

Thanks for the confirmation, Tom. Likely, the IBM OLEDB .NET provider
takes the same, unmonitorable, route to the AS/400 database as HIS
does. What is the point of locking down ODBC access to the system
when OLEDB access (if that is what it is called) can't be secured the
way ODBC can?
-Steve

Regards, Chuck
--
All comments provided "as is" with no warranties of any kind
whatsoever and may not represent positions, strategies, nor views of my
employer

Just tried it. Sorry to say, no effect.
When I run ODBC code from the PC, the zdai0100 and zdaq0200 exit
points fire on the AS/400. When I execute SQL on the AS/400 from HIS,
the only exit point that is called is DDMACC.
Thanks for the tip,
-Steve

If you're worried about the exposure, one possible solution might be to only use
middleware that doesn't rely on DRDA and then end the *DDM TCP server.
--
Kent Milligan
ISV Enablement - System i
km...@us.eye-bee-m.com (spam trick) GO HAWKEYES!!
>>> ibm.com/iseries/db2
(opinions stated are not necessarily those of my employer)