"Jan M. Nelken" <Un**********@Invalid.Domain> wrote in message news:<40********@news1.prserv.net>...
Kona wrote:
If we setup a gateway machine for the clients, is it also possible to
access my UDB database on my Sun machine directly ?
I ask you that because we would like to enable the access to the UBD
only from authorized clients. We would like to prevent UDB access from
unauthorized clients workstations that have setup an ODBC and access
the DB using a foreign tool like MS Query.
You most likely would like to control access (by GRANTing CONNECT
priviledge to users or group) at UDB server.
There is nothing like "authorised" versus "unauthorised" workstation in
native UDB. Remember that for ODBC access you have to have as a minimum
the DB2 UDB Run-Time client installed on the workstation.
so the matrix looks like:
RT Client -------------------------------------------> UDB Server
(or other clients)
or
RT Client -----------> DB2 Connect Gateway ------------> DRDA HOST
(or other clients)
or
DB2 Connect Personal Edition --------------------------> DRDA HOST
There are several other possibilities as well (Federated Database
Support) to consider - so perhaps reviewing DB2 Books may help you a bit
more.
As a rule - DB2 Connect is used when ultimate destination is DRDA Host
(DB2 for VSE/VM, DB2/400 or DB2/zOS).
Jan M. Nelken
Hello Jan,
Remember that for ODBC access you have to have as a minimum
the DB2 UDB Run-Time client installed on the workstation.
Case 1 : normal user on agreed workstation
Application
-------------------
IBM DB2 ODBC DRIVER
-------------------
Run-Time DB2 ----------DB2 Gateway------------- UDB Unix
server
-------------------
All security rules are set by the application.
Case 3 : normal user on agreed workstation
Application / MSQUERY
-------------------
IBM DB2 ODBC DRIVER
-------------------
Run-Time DB2 ----------DB2 Gateway------------- UDB Unix
server
-------------------
In this case the user could use MSQUERY to by-pass security rules set
by the Application.
Case 4 : Hacker
MSQUERY
-------------------
IBM DB2 ODBC DRIVER
-------------------
Run-Time DB2 --------------------------------- UDB Unix
server
-------------------
We suppose that the hacker knowns all informations like
username/pasword and DSN configuration.
But he access the UDB directly, no DB2 Gateway.
In this case is it possible to tell that the UDB server only accept
connexions from DB2 Gateway ?
I thing that SSL is not supported by DB2connect, an other way ?
Thank you