Technical articles

Dan Riehl

Technical articles written by Dan Riehl

Find countless technical topics on IBM i auditing and security, covered in detail by Dan Riehl, the IBM i security expert, through:

  • as well as his newsletter "SecureMyi Security Newsletter for the IBM i".

After leaving PowerTech Group, of which he was one of the founders, at the end of 2008, Dan Riehl is president of IT Security and Compliance Group and offers consulting services and advanced training on IBM i security.
A recognized IBM i security expert, Dan Riehl has written numerous books on the subject.
He regularly teaches courses and seminars, and publishes his advice in his twice-monthly newsletter "SecureMyi Security Newsletter for the IBM i".

TechTip: Analyze Your Programs and Applications

Written by Jean-Paul Lamontre, Software Engineer at Cilasoft (published on MC Press Online).

Part I: "In the first of this series of TechTips, find information about each object in each library."

Part II: "The first part of this article series showed how DSPOBJD can easily provide statistics to manage a general recompilation project. But it only touched the surface of all the things you get with the DSPxxx commands.
Let's start with a review of the information we gathered in Part I by just using DSPOBJD."

Part III: "Fill the gap between modules and ILE programs for a full panorama of your ILE application."

TechTip: Audit Your Exit Points

July 6, 2012
Written by Jean-Paul Lamontre, Software Engineer at Cilasoft (published on MC Press Online).

"Did the previous administrator leave the machine clean, or did he leave a time bomb somewhere?

Suppose it's the beginning of a new year, and the first time the human resources manager logs into payroll, he unknowingly sends the file of annual salaries to an email address it shouldn't go to, by directly Telnet-ing port 25, something discreet and undetectable.

This scenario is not absurd. Programs to implement this feature are not very complex; the mechanisms to implement them are public and very well-documented on the Internet.

The question I raise is this: If I were a malicious administrator, how would I trigger this code so that information leakage can continue for years without anyone noticing?..."

Jean-Paul Lamontre

When CCSID Constants Vary, Part III

July 6, 2011
Written by Jean-Paul Lamontre, Software Engineer at Cilasoft (published on MC Press Online).

"Learn some tips and tricks to correctly handle literal constants.

My first article described how a CCSID variation can turn a program crazy. My second article described the solution, which requires correctly handling literal constants. In this last article, I share some tips and tricks I found while solving the bug with the @..."

Jean-Paul Lamontre

When CCSID Constants Vary, Part II

June 6, 2011
Written by Jean-Paul Lamontre, Software Engineer at Cilasoft (published on MC Press Online).

"Don't let a small thing like a literal string completely ruin your multi-national program.

The variations of CCSID are a vast topic and are in fact the main issue to consider during globalization of an application. You will find many pages on the Web on this topic (search for Unicode, CCSID, globalization, or national language support). Some of the most interesting are the ones from the IBM i Information Center.
 
In my previous article, I showed how a simple line of RPG code can turn a program haywire just because the JOB CCSID has changed. In this article, I will explain how to handle literal strings, which are sensitive to CCSID variations..."

Jean-Paul Lamontre

When CCSID Constants Vary, Part I

May 4, 2011
Written by Jean-Paul Lamontre, Software Engineer at Cilasoft (published on MC Press Online).

"Learn how one simple character can make a program go crazy.

Several years ago, I wrote an email processing program for the System i and posted the source on my Web site. Several people have downloaded the code, compiled the program, and run it without any problems…until recently. For a few months now, people have been reporting that the program crashes. The program MAIL, which worked perfectly for several years, suddenly went haywire..."

Guy Marmorat

Journaling: An Invaluable Source of Information for Compliance Auditing

February 1, 2007
Written by Guy Marmorat, Technical Director of Cilasoft (published in MC Showcase)

"Companies are finding it increasingly difficult to maintain an effective compliancy program as auditors continue to adapt the guidelines of regulations like SOX, HIPAA, and BASEL II. IT departments have discovered that the System i journaling function offers a source of information that is reliable and provides a level of flexibility that allows companies to adapt to changing requirements.

This article explains why journaling provides the best audit trail, it shows the best approach to incorporating journaling into a well-designed compliancy process, and it addresses how to meet the expectations of auditors while avoiding the main traps of journaling..."