• The Four Hundred
  • Raz-Lee Reels In The File Editors

    April 10, 2019 Alex Woodie

    File editors can be great time-savers in certain situations. Who wouldn’t want developers to be able to quickly get into a database file, fix some errors, and then jump back out? Clearly, the answer is the security department. But thanks to a new solution from Raz-Lee Security called iSecurity Safe Update, file editors can be used without giving the security officer nightmares.

    File editors are among the most popular products on the IBM i platform, thanks to their ability to let developers and administrators make changes to data quickly and easily, without requiring programming. The IBM i operating system comes with Data File Utility (DFU), not to mention the Start SQL (STRSQL) command.

    There are plenty of IBM i professionals who absolutely swear by products like ProData’s Database Utility (DBU) as an indispensable tool on their belt. Other popular products include HelpSystems Surveyor/400, WRKDBF, and even Raz-Lee Security’s own Filescope offering, which is focused on exploring security.

    However, with great power comes great responsibility, and that’s a problem when it comes to file editors and the Start SQL (STRSQL) command. While the better file editors like DBU track all activity, it’s still possible for an ill-informed (or malicious) user to do some damage with a file editor or direct SQL access to the database, especially when working on a live production system.

    What’s more, government regulations, including the Sarbanes-Oxley Act, explicitly require covered computers to be modified only by allowed programs. In that sense, the ad-hoc, one-off nature of file editor use is in direct conflict with today’s corporate environment, which demands strict adherence to rigor and process.

    “File editors can be considered as a threat as it allows users to bypass the organization application rules, which are implemented in the programs that are normally used in the organization,” Raz-Lee CEO Shmuel Zailer tells IT Jungle. “Actually, the easiest way to conduct a fraud is by usage of a file editor. Most companies, and of course banks, insurance companies, and others in the financial sector, ban file editor use.”

    Raz-Lee has tried to address the file editor conundrum before by using object authorities and user access authorization, according to Zailer. However, those attempts came up short. But now the company has a new way of enabling file editors to be used without violating security rules. The new product called Safe-Update provides that capability.

    Zailer explains:

    “We talk about protecting business critical files from file editors, but end up using the existing authority system to prevent programmers from accessing the files,” he says. “That isn’t what we wanted. With the added security layer that Safe-Update provides, we finally can ensure that file updates are done by allowed programs only, unless specific temporary permission was set.”

    “Safe-Update provides a method for programmers to use file editors or STRSQL without violating security procedures.”

    Raz-Lee says Safe-Update protects IBM i shops by ensuring that updates are done by a preset list of programs, which can include or exclude file editors or the STRSQL command. The company says file editors can be used, as long as they don’t issue any updates. But if there is a need to allow updates by file editors, Safe-Update can allow it by using a new permission system.

    Safe-Update allows a developer to get access to a file editor or STRSQL only if a work order has been entered into the system. The task that’s to be performed is specified in the work order, and the programmer can begin fulfilling the work order through a ticket.

    As long as that ticket is open, the programmer “can use any program to accomplish the mission, knowing that all updates are fully documented,” Raz-Lee says. The ticket can limit the scope of the work to be done according to files, time, and the number of operations that are allowed. If the programmer stops using the ticket, the ticket is automatically closed.

    Safe-Update can be configured to automatically kick in whenever a programmer attempts to update a production system. When an update is attempted, a window will pop up requesting the ticket, Raz-Lee says. The ticket may or may not require permission from a manager. “Less security-focused organizations can allow programmers to open ad-hoc tickets directly while specifying the reason for them,” the company says.
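
    The control described above (updates only from a preset program list, otherwise only under an open ticket scoped by files, time, and operation count, with every attempt recorded) can be modeled in a few lines. This is an added example, not Raz-Lee's code or part of the original article; the class names, program names, file names, and work order text are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical preset list of application programs allowed to update production files.
ALLOWED_PROGRAMS = {"ORDENTRY", "INVPOST"}

@dataclass
class Ticket:
    user: str
    reason: str          # work order text (constructed sample)
    files: set
    expires: datetime
    max_ops: int
    used_ops: int = 0

    def covers(self, user, file, now):
        # Scope is limited by owner, file list, time window and operation budget.
        return (user == self.user and file in self.files
                and now < self.expires and self.used_ops < self.max_ops)

@dataclass
class UpdateGuard:
    tickets: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def check(self, user, program, file, now):
        # Decide one update attempt; the attempt is logged whether allowed or not.
        ticket = next((t for t in self.tickets if t.covers(user, file, now)), None)
        if program in ALLOWED_PROGRAMS:
            verdict = (True, "allowed program")
        elif ticket:
            ticket.used_ops += 1
            verdict = (True, f"ticket: {ticket.reason}")
        else:
            verdict = (False, "no valid ticket")
        self.audit.append((now.isoformat(), user, program, file) + verdict)
        return verdict

def demo():
    t0 = datetime(2019, 4, 10, 9, 0)
    guard = UpdateGuard()
    out = [guard.check("DEV1", "DBU", "CUSTMAST", t0)]         # editor, no ticket yet
    guard.tickets.append(Ticket("DEV1", "WO-1 fix bad zip", {"CUSTMAST"},
                                t0 + timedelta(hours=1), max_ops=2))
    for prog, file, when in [("DBU", "CUSTMAST", t0),          # in scope
                             ("DBU", "ORDHDR", t0),            # file not on ticket
                             ("STRSQL", "CUSTMAST", t0),       # second and last op
                             ("STRSQL", "CUSTMAST", t0),       # budget exhausted
                             ("DBU", "CUSTMAST", t0 + timedelta(hours=2))]:  # expired
        out.append(guard.check("DEV1", prog, file, when))
    out.append(guard.check("APPUSER", "ORDENTRY", "ORDHDR", t0))  # allowed program
    return [ok for ok, _ in out], guard.audit
```

    The audit list holds one record per attempt, including the denied ones, which is what a reviewer would reconcile against the work order.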


    Tags: IBM i, Sarbanes Oxley, SQL, STRSQL


    One thought on “Raz-Lee Reels In The File Editors”

    • Bryan Schaap says:
      April 11, 2019 at 7:39 pm

      I was very interested in this article and the innovative solution that is described. However, as I reviewed the list of File Editors on the market that was provided, I was surprised and disappointed to see that “FEU” (File Edit Utility) was not included. FEU is a proven award-winning database utility product used by many thousands in over 100 countries. In particular, in light of the article’s subject matter, I’d like to point out that FEU offers many significant functions related to security and authorization, including user and object based authority and audit logging of any update activity. Applied Logic would be appreciative if you could include this information in whatever manner you feel appropriate. Thank you.


TFH Volume: 29 Issue: 24
