Access Controls for Registered Programs 

Purpose

You can protect against external programs from being registered by using an access control list (ACL). To do this set parameter gw/reg_info (see Security Parameters).

You can prevent any unauthorized registration of programs by making the relevant entries in file reginfo in the data directory of the gateway instance.

Provided this file exists, the system searches for valid registration entries in the access control list. If the file does not exist, the system searches in the file specified by gw/sec_info, as usual.

Since important security information is held in this file, the system administrator must take care to define the file authorization correctly. For example, read-only authorization for the file owner, and no authorization for all other users.

Process Flow

As soon as a program has registered in the gateway, the attributes of the retrieved entry (specifically NOACCESS) are passed on to the registered program. This means that if the file is changed and the new entries immediately become active when security data is reloaded, the servers already logged on will still have the old attributes. To assign the new settings to the registered programs too (if they have been changed at all), the servers must first be deregistered and then registered again.

The file is read when the gateway is started. Dynamic changes can be made by changing, adding to, or deleting entries in the reginfo file. Then the file can be immediately activated by reloading the security files.

When the gateway is started, both security files are read in again.

Successful and rejected registrations, and calls from registered programs can be ascertained using Gateway Logging with indicator S.

Any error lines are put in the trace file dev_rd, and are not read in.

For details of the structure of the reginfo file see under Defining the reginfo File.

More Information

Making Security Settings for External Programs