Browse Prior Art Database

Prevent Unauthorized Access to Data in Database Servers by the Transaction Manager

IP.com Disclosure Number: IPCOM000111255D
Original Publication Date: 1994-Feb-01
Included in the Prior Art Database: 2005-Mar-26
Document File: 2 page(s) / 88K

Publishing Venue

IBM

Related People

Becker, DJ: AUTHOR [+2]

Abstract

The Information Management System (IMS) Transaction Manager (TM) product contains a security exposure for certain application systems coded to use specific names for Input and Output (I/O) queues. The TM allows two ways to define terminals and I/O queues. Terminals defined to the TM by a system definition are called STATIC terminals and terminals defined dynamically at logon time are called Extended Terminal Option (ETO) terminals. I/O queues can be defined to be associated with RACF userids or with terminal nodenames. The TM provides input and output security for all I/O queues associated with RACF userids but not for I/O queues associated with specific terminal nodenames.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 34% of the total text.

Prevent Unauthorized Access to Data in Database Servers by the Transaction
Manager

      The Information Management System (IMS) Transaction Manager
(TM) product contains a security exposure for certain application
systems coded to use specific names for Input and Output (I/O)
queues.  The TM allows two ways to define terminals and I/O queues.
Terminals defined to the TM by a system definition are called STATIC
terminals and terminals defined dynamically at logon time are called
Extended Terminal Option (ETO) terminals.  I/O queues can be defined
to be associated with RACF userids or with terminal nodenames.  The
TM provides input and output security for all I/O queues associated
with RACF userids but not for I/O queues associated with specific
terminal nodenames.  I/O queues assigned to specific terminals can be
defined in the TM system definition for STATIC terminals and by 'User
NODE Descriptors' for ETO terminals.

      The TM product does not provide I/O security for STATIC
terminals because it associates all I/O queues to nodenames rather
than to RACF userids.  Also the TM does not provide I/O security for
ETO terminals when 'User NODE Descriptors' are used to assign I/O
queues.  In both cases the TM cannot identify the owner of the I/O
queuea because they are assigned to specific terminals.  The TM does
not protect these data queues from unauthorized use.

      The TM cannot provide security for I/O queues associated with
specific terminal nodenames because any user can log onto these
terminals after a disconnect and use all the privileges of the
previous user's application systems that had not been properly
terminated.  The user can update, retrieve, delete, insert data, or
print the data depending on the previous user's authority in these
application systems that can access data anywhere - DB2, SQL/DS,
IMS/ESA Database, SQL/400, OS2/SQL, and flat files.

      A new feature has been designed and programmed to associate
RACF userids with terminal nodenames for all application systems that
use I/O queues.  The new security feature keeps a record of RACF
userids by nodename for all users that successfully sign onto the TM.
If there is a disconnect for any reason, another user cannot log onto
this terminal when existing application systems are running from a
different userid of that terminal.  The new feature prevents
unauthorized access to I/O queues and to data from database servers
of other users regardless of whether the I/O queues are given the
same name as the RACF userid or some other names which are associated
with specific terminals.

      A generalized solution for subystems that are designed to
associate I/O queues with nodenames is to create a userid/nodename
logon table that identifies ownership of nodenames by RACF userids.
The record is kept in the userid/nodename table external to the
subsystem.  The userid and nodename is always saved in the
userid/nodename table after the user successf...