Security considerations

 

Security considerations for iSeries™ Access for Web include user authentication, specifying user access, object-level security, using a security protocol, and the use of exit programs.

 

Authentication

iSeries Access for Web needs to have the user identity authenticated so that i5/OS® resources are accessed with the correct user profile. The methods of authenticating the user identity are different for the Web application and the portal application.

 

Restricting access to functions

Users can be restricted from accessing iSeries Access for Web functions. Different methods of restricting access are used in the Web application and the portal application.

For information on restricting access to functions for the Web application, see the "Policies" topic.

For information on restricting access to functions for the portal application, see the "Portal roles" topic.

 

Object level security

iSeries Access for Web uses object level security when accessing i5/OS resources. Users will not be able to access i5/OS resources if their i5/OS user profile does not have the proper authority.

 

Secure HTTP (HTTPS)

You can configure the system to use a security protocol, called Secure Sockets Layer (SSL), for data encryption and client/server authentication. For information about SSL, HTTPS, and digital certificates, see the following:

 

Exit programs

iSeries Access for Web makes extensive use of the following Host Servers:

Exit programs that restrict access to these servers, especially Remote Command/Program Call, will cause all or portions of iSeries Access for Web to not function.

 

Parent topic:

Planning for iSeries Access for Web

Related concepts
Browser considerations Policies Portal roles

Related information
Digital Certificate Manager (DCM)