Want to limit the database accessible to some machines

DB2 V8 UDB fixpack 5 on windows

I don't want all the clients to be able to do a catalog, so that they cannot access
DB2 directly.
This is all the DBM CFG I found related,
CATALOG_NOAUTH
DISCOVER
DISCOVER_INST
and DB CFG
DISCOVER_DB
But those cannot limit the client from doing a
catalog tcpip node
and
catalog db
from their machine.

How can I hide the database?
Thanks

Nov 12 '05 #1
8 Replies


<sh*******@gmail.com> wrote in message
news:11**********************@o13g2000cwo.googlegroups.com...
> DB2 V8 UDB fixpack 5 on windows
>
> I don't want all the clients to be able to do a catalog, so that they cannot access
> DB2 directly.
> This is all the DBM CFG I found related,
> CATALOG_NOAUTH
> DISCOVER
> DISCOVER_INST
> and DB CFG
> DISCOVER_DB
> But those cannot limit the client from doing a
> catalog tcpip node
> and
> catalog db
> from their machine.
>
> How can I hide the database?
> Thanks

You can revoke connect authority to public, and grant it to specific users.
This is a database authorization.
Nov 12 '05 #2

The username/password may be calculated by some hacking tools. So I also
want to limit the computer.

Nov 12 '05 #3

sh*******@gmail.com wrote:
> The username/password may be calculated by some hacking tools. So I also
> want to limit the computer.


Is using a firewall to control the DB2 instance-specific port a possibility?

--
Knut Stolze
DB2 Information Integration Development
IBM Germany
Nov 12 '05 #4

Only want to limit at the database level, not instance level. Currently
there are multiple DBs under 1 instance.
Have to create multiple DB2 instances if using a firewall.

Nov 12 '05 #5

Ian
sh*******@gmail.com wrote:
> The username/password may be calculated by some hacking tools. So I also
> want to limit the computer.


Then use AUTHENTICATION = SERVER_ENCRYPT or Kerberos.

Nov 12 '05 #6

Ian
sh*******@gmail.com wrote:
> Only want to limit at the database level, not instance level. Currently
> there are multiple DBs under 1 instance.
> Have to create multiple DB2 instances if using a firewall.


Also, you realize that you can "hide" the database from discovery, but
you can't prevent someone who knows the IP address, port number and
database name from connecting (i.e. Java Type 4 driver - you don't
even have to catalog the database).
Nov 12 '05 #7

Are you using domain security and Active Directory? Perhaps there is a
way to add the workstation computers you want to allow access to a new
group and allow access via that? Not sure it would work but it may if
you add the groups accordingly to DB2 and set the access appropriately
at the domain controller.

Who knows... just a thought.

Nov 12 '05 #8

Which is why you should be using Kerberos authentication.

Limiting the computer won't help, as the IP address can be spoofed. Limiting
cataloguing won't help, as you don't need to catalogue to connect. Solve
security problems by getting the security right, not by attacking symptoms
that aren't even relevant.

<sh*******@gmail.com> wrote in message
news:11**********************@g43g2000cwa.googlegroups.com...
> The username/password may be calculated by some hacking tools. So I also
> want to limit the computer.

Nov 12 '05 #9
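
The two server-side settings suggested in replies #2 and #6, written out as a DB2 command line processor script. This is an added example, not something posted in the thread; the database name SALESDB and the group DB2APPS are placeholders.

```sql
-- Added example. Run from a DB2 command window as: db2 -tvf restrict_connect.sql
-- SALESDB and DB2APPS are placeholder names, not taken from the thread.

CONNECT TO SALESDB;

-- Before: list every grantee that holds CONNECT on this database.
-- GRANTEETYPE is 'U' for a user and 'G' for a group.
SELECT GRANTEE, GRANTEETYPE, CONNECTAUTH
  FROM SYSCAT.DBAUTH
 WHERE CONNECTAUTH = 'Y';

-- Reply #2: take CONNECT away from PUBLIC and grant it to one named group.
-- CONNECT is a database authority, so this applies to SALESDB only and the
-- other databases in the same instance keep their own settings.
REVOKE CONNECT ON DATABASE FROM PUBLIC;
GRANT CONNECT ON DATABASE TO GROUP DB2APPS;

-- After: PUBLIC should no longer be returned by the same query.
SELECT GRANTEE, GRANTEETYPE, CONNECTAUTH
  FROM SYSCAT.DBAUTH
 WHERE CONNECTAUTH = 'Y';

CONNECT RESET;

-- Reply #6: stop passwords from crossing the network in clear text.
-- AUTHENTICATION is a database manager (instance) parameter, so unlike the
-- GRANT/REVOKE above it covers every database in the instance, and it takes
-- effect only after the instance has been stopped and started again.
UPDATE DBM CFG USING AUTHENTICATION SERVER_ENCRYPT;
```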
