IBM SC41-5420-04 Server User Manual


 
Table 9. TCP/IP Application Exit Points (continued)
TCP/IP Application Exit Point Exit Point Format
Note:
1
The same interface format is used for request validation for the FTP client, FTP server, REXEC server, and
TFTP server. This allows the use of one exit program for request validation of any combination of these
applications.
2
The same interface format is used for server log-on processing for the FTP server and REXEC server
applications. This allows the use of one exit program to process log-on requests for both of these
applications.
3
For a detailed description of the DHCP exit points and how to use them, see System API Reference
(http://publib.boulder.ibm.com/pubs/html/as400/v5r1/ic2924/info/apis/api.htm) in the Information
Center. If you are using the Supplemental Manuals CD, then switch to the iSeries Information Center CD
to access this information.
Creating Exit Programs
There are several steps involved in designing and writing exit programs. They
include:
1. Review the purpose of the exit point and the format of its interface
2. Define the scope and operation of your exit program
3. Design the exit program
4. Code the exit program
5. Add the exit program to the appropriate exit point in the registration facility.
(See Adding Your Exit Program to the Registration Facility for instructions on
how to do this.)
Note: Only users with both *SECADM and *ALLOBJ authority are allowed to
add and remove TCP/IP application exit programs.
6. Test your exit program
v Tests for each user ID
v Tests for each operation
The most important step in establishing security exit programs is verifying that
the exit program works. You must assure that the security wall works and does
not have any weaknesses.
Notes:
1. If the exit program fails or returns an incorrect output parameter, the operation
will not be allowed by the TCP/IP application.
2. To ensure the highest level of security, create the exit program in a library that
has *PUBLIC authority of *EXCLUDE and give the exit program itself a
*PUBLIC authority of *EXCLUDE. The TCP/IP application adopts authority
when it is necessary to resolve and call the exit program.
Adding Your Exit Program to the Registration Facility
To add your exit program, run the Work with Registration Information
(WRKREGINF) command. The following display is shown:
Appendix B. TCP/IP Application Exit Points and Programs 81
||
|
|