Zend Core for IBM i
Security Considerations
 Tony “Ranger” Cairns
Developers are seeing PHP benefits, but managers are worried about PHP security.

What can we do?
Option 1) Guarantee system security

Step 1) Unplug system.
Step 2) Lock in a vault.
Option 2) Start a security journey where valuable
information assets may be used by authorized
people for authorized purposes ...
  • Protect against outsiders
    – Would-be web hackers
    – Bumbling user input
  • Protect against insiders
    – Would-be corporate criminals
    – Careless programmers
An hour security pitch is not your answer...

but if you believe security is a journey not a destination, this may help.
Step 1) Understand what we get out of the box.

• RSTLICPGM install
• 5250 start / stop of the zend subsystem (admin tools)
• Dual Apache configuration
  – ILE HTTP Server on port 89 (Reverse Proxy)
  – PASE Apache on port 8000 with the PHP Module
• i5 toolkit for program access (I5_COMD: *PGM, *SRVPGM)
• Multiple direct PHP DB2 access methods

Diagram: Browser -> HTTP:89 Server (Reverse Proxy) -> HTTP:8000 Server (PHP Module) running in PASE; from there PHP reaches I5_COMD (*PGM, *SRVPGM), the IFS (/www) and DB2 UDB on IBM i.
What to protect in Zend Core for IBM i?

• Internal Access (PHP)
  – Directories (web dirs)
     • /www/zendcore
     • /usr/local/Zend
  – Stream files (web pages / scripts)
     • /www/zendcore/htdocs
     • /usr/local/Zend/apache2/htdocs
  – Programs (web call)
     • /qsys.lib/zendcore.lib
     • Toolkit called programs (RPG)
  – User profiles
     • Nobody, NoGroup, etc.
• External Access (Web)
  – ILE Apache
     • /www/zendcore/conf
     • httpd.conf
  – PASE Apache
     • /usr/local/Zend/apache2/conf
     • httpd.conf
  – PHP configuration
     • /usr/local/Zend/Core/etc
     • php.ini
  – PHP programs (asset on ramp)
     • db2_connect()
     • i5_connect()
Zend Core for IBM i installed profiles

• NOBODY (*USER)
  – PHP Apache server
  – Zend Core jobs (ZENDCOREAP)
  – Group = NOGROUP
  – Special authorities = *NONE
• NOGROUP (*USER)
  – Group profile
  – For access to NOBODY resources, other profiles may add
     • Group = NOGROUP
• MYSQL (*PGMR)
  – MySQL profile
  – Optional install
  – Special authorities = *NONE
• ZENDADMIN (*SECOFR)
  – Start/stop jobs in ZEND subsystem
  – Pseudo random generator (prngd)
  – GROUP = *NONE
  – *ALL special authorities
• ZENDTECH (*USER)
  – Update PHP configuration
  – GROUP = *NONE
  – Special authorities = *NONE
Zend Core for IBM i access rights ...

Diagram: execute rights and access rights by profile. QTMHHTTP runs the HTTP:89 Server (Reverse Proxy); NOBODY / NOGROUP run the HTTP:8000 Server with the PHP Module in PASE and reach I5_COMD (*PGM, *SRVPGM, CMD, ...), the IFS (/www/zendcore, /usr/local/Zend) and DB2 UDB; ZENDADMIN / ZENDTECH use the 5250 zend subsystem admin tools.

/www/zendcore (PUBLIC *EXCLUDE)

• Default secure as of ZC 2.6.1 ...
  – Access control is no public access
     • /www/zendcore/* (drwxrws--- 5 nobody)
         – PUBLIC *EXCLUDE
         – NOBODY *RWX
         – Note: NOGROUP *RWX
     • /www
         – PUBLIC *RX
  – PUBLIC is not allowed access to PHP scripts or other information
     • Add group profile NOGROUP to other user profiles for access
         – QTMHHTTP
         – Group = NOGROUP

Protect your PHP applications from public view.
/usr/local/Zend

• Default secure as of ZC 2.6.1 ...
  – Access control standard web
     • /usr/local/Zend (drwxr-sr-x 5 qsecofr)
         – PUBLIC *RX
         – QSECOFR *RWX (who installs)
         – Note: NOGROUP *RX
     • /usr
     • /usr/local
         – PUBLIC *RX
  – Public is allowed access to PHP from the command line or an RPG program, etc.
• More secure ...
  – Access control only PHP web
     • /usr/local/Zend (drwxr-s--- 5 qsecofr)
         – PUBLIC *EXCLUDE
     • /usr
     • /usr/local
         – PUBLIC *USE
  – Public will not be able to call PHP from the command line or an RPG program
     • Add group profile NOGROUP to other user profiles for access
         – QTMHHTTP
         – Group = NOGROUP

Protect Zend Core web server, programs, configuration and files.
ZENDCORE (product library)

• Default secure as of ZC 2.6.1
  – PUBLIC *RX
  – ZENDADMIN *RWX
• More secure ...
  – PUBLIC *EXCLUDE
  – Only the PHP administrator can access programs (adopt QSECOFR)

Protect Zend Core product library programs.
Apache configuration

/www/zendcore/conf/httpd.conf
/usr/local/Zend/apache2/conf/httpd.conf
Dual Apache ZC 2.6.1 (default)

• ILE Apache:89
  – Responds to any browser (http://myi:89)
  – Reverse proxy
     • to PASE Apache:8000
  – Configuration
     • http://myi:2001/HTTPAdmin->ZENDCORE
  – https is available
• PASE Apache:8000
  – Responds to any browser (http://myi:8000)
  – Also reached via the Apache:89 reverse proxy
  – Configuration (edit only)
     • http://myi:2001/HTTPAdmin->PASENEW
     • /usr/local/Zend/apache2/conf/httpd.conf
  – https is available

Diagram: Browser -> http://myi:89 -> HTTP:89 Server (Reverse Proxy) -> HTTP:8000 Server (PHP Module); a browser can also reach http://myi:8000 directly.
Comparison of the Two HTTP Servers

IBM HTTP Server                            | Apache Server
-------------------------------------------|-------------------------------------------
ZENDCORE server instance; using the        | UNIX-based open source server
5722DG1 product                            |
ZENDCORE instance created and configured   | Server instance created and configured
automatically when the Zend Core product   | automatically when the Zend Core product
is installed                               | is installed
Server runs in IBM i                       | Server runs in IBM i PASE
Main function: reverse proxy server        | Main function: run the PHP application
                                           | and return the result
Configure the server instance using the    | Edit-only configuration of the server
IBM Web Administration Tool                | using the IBM GUI (no tabs)
Https available                            | Https available, but certificates are made
                                           | with PASE openssl tools (unfamiliar to i5 folks)
Apache degrees of security, a matter of choice ... (listed from lower to higher security)

• PASE Apache:8000 (default) – lower security
• ILE Apache:89 (default)
  – Reverse proxy to 8000
• ILE Apache:89 (edit)
  – Reverse proxy to 8000
  – 8000 only responds to localhost
• PASE SSL enabled
  – Using openssl
• ILE Apache SSL enabled
  – Reverse proxy to 8000
  – 8000 only responds to localhost
• Multiple systems – higher security
  – DMZ reverse proxy
PASE Apache Server (default)

• Listens on port 8000
  – Only receives URL requests that are sent to that port
• Allows any user to make these requests
• All data flowing between the IBM HTTP Server (Reverse Proxy) and the Apache server is not encrypted
• All data flowing on the network between client and server is public

httpd.conf:
  User nobody
  Group nogroup

Diagram: Browser -> http://myi:8000 -> HTTP:8000 Server (PHP Module), with the HTTP:89 Server (Reverse Proxy) also forwarding to it.

Lower security
IBM HTTP Server Reverse Proxy (default)

• Server instance name is: ZENDCORE
• Listens on port 89
  – Only receives URL requests that are sent to that port
• Users are denied access if requesting any other directory/files/applications
• Forwards those requests on to the Apache Server 8000
• Allows any user to make requests
• All data flowing on the network between client and server is public

httpd.conf: the instance runs as QTMHHTTP (default)

Diagram: Browser -> http://myi:89 -> HTTP:89 Server (Reverse Proxy) -> HTTP:8000 Server (PHP Module).

Lower security
IBM HTTP Server Reverse Proxy (default)
Modify PASE Apache for localhost (edit)

• Leave HTTP Server:89 as is
  – Leave reverse proxy
• Modify PASE Apache httpd.conf
  – Change:
     • Allow from all
  – To:
     • Allow from 127.0.0.1
• 127.0.0.1 == localhost

Diagram: Browser -> http://myi:89 -> HTTP:89 Server (Reverse Proxy) -> HTTP:8000 Server (PHP Module); 8000 now answers only 127.0.0.1.

More security
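The httpd.conf edit above is the control that matters; the following is an added example (not code from the presentation) of a defence-in-depth check inside the PHP application itself, so that a lost or merged httpd.conf does not silently reopen port 8000 to the network. It assumes what the slides state: the reverse proxy runs on the same system and connects from 127.0.0.1, and the PHP server listens on port 8000.

```php
<?php
// Added example (not code from the original presentation): refuse any request
// that did not arrive through the local reverse proxy.
// Assumptions: proxy connects from 127.0.0.1, PHP server listens on 8000.

function request_came_via_local_proxy(array $server, $proxy_addr = '127.0.0.1', $php_port = 8000)
{
    // REMOTE_ADDR is the TCP peer Apache accepted the connection from; the
    // client cannot forge it. X-Forwarded-For and similar headers are
    // client-supplied and are deliberately ignored for this decision.
    if (!isset($server['REMOTE_ADDR']) || $server['REMOTE_ADDR'] !== $proxy_addr) {
        return false;
    }
    // A request that reached PHP on some other port is not the proxied
    // instance this check is written for.
    if (!isset($server['SERVER_PORT']) || (int)$server['SERVER_PORT'] !== $php_port) {
        return false;
    }
    return true;
}

// Call this first in every script, or once for all scripts through the
// php.ini directive auto_prepend_file.
function enforce_local_proxy_only()
{
    if (!request_came_via_local_proxy($_SERVER)) {
        header('HTTP/1.1 403 Forbidden');
        exit('Forbidden');          // say nothing about the topology
    }
}

function check($ok, $label)
{
    if (!$ok) { throw new RuntimeException("check failed: $label"); }
}

// Constructed $_SERVER arrays, populated the way Apache would populate them:
$via_proxy = array('REMOTE_ADDR' => '127.0.0.1', 'SERVER_PORT' => '8000',
                   'HTTP_X_FORWARDED_FOR' => '10.1.5.13');
$direct    = array('REMOTE_ADDR' => '10.1.5.13', 'SERVER_PORT' => '8000');
$spoofed   = array('REMOTE_ADDR' => '10.1.5.13', 'SERVER_PORT' => '8000',
                   'HTTP_X_FORWARDED_FOR' => '127.0.0.1');   // forged header

check(request_came_via_local_proxy($via_proxy) === true,  'proxied request allowed');
check(request_came_via_local_proxy($direct)    === false, 'direct hit on 8000 refused');
check(request_came_via_local_proxy($spoofed)   === false, 'forged X-Forwarded-For refused');
echo "proxy guard checks passed\n";
```

The guard keys only on REMOTE_ADDR and SERVER_PORT because those are set by Apache from the accepted socket; any header the browser can send is useless for deciding who connected.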
PASE Apache 443 (https)
(short "self certificate" tutorial)

• Make certificate (self-signed)
  – call qp2term
  – cd /usr/local/Zend/apache2/conf
  – openssl req -x509 -nodes -days 365 -subj '/C=US/ST=Minnesota/L=Rochester/CN=www.myi.com' -newkey rsa:4096 -keyout server.key -out server.crt
  – Note: make the CN correct for your site
• go zendcore/zcmenu
  – 7. Additional Apache options
     • httpd_ssl.conf: Include conf/ssl.conf
  – 2. PASE Apache Control
     • /usr/local/... httpd_ssl.conf
     • ssl.conf:
         SSLCertificateFile /usr.../server.crt
         SSLCertificateKeyFile /usr.../server.key
     • S = Start (E = Stop)
• https://myi5
  – Accept the certificate in the browser (not permanently)
  – Note: https is port 443 (conflict?)

Diagram: Browser -> https://myi (encrypted) -> HTTP:8000 Server (PHP Module).

Higher security
IBM HTTP Server 443

• HTTP 443 documented procedure
  – Web GUI (2001 port)
• Copy the reverse proxy lines into your new 443 instance
  – ProxyPass / http://127.0.0.1:8000
  – ProxyPassReverse / http://127.0.0.1:8000
• Change PASE Apache httpd.conf
  – From:
     • Allow from all
  – To:
     • Allow from 127.0.0.1 (localhost)

Diagram: Browser -> https://myi (encrypted) -> HTTP:443 Server (Reverse Proxy) -> HTTP:8000 Server (PHP Module).

Higher security
"Reverse Proxy" HTTP Server

• Improves performance
  – Can cache static documents in memory
  – Can aid with balancing requests to a set of HTTP servers
• Improves security
  – Can control access at the front door
  – Can keep the server in a DMZ separate from the internal network
  – Hides the content server environment
  – Can log activity

Diagram: HTTP:80 Server (Reverse Proxy) on a DMZ system, then a firewall, then the HTTP:89 Server (Reverse Proxy) -> HTTP:8000 Server (PHP Module) with access to I5_COMD (*PGM, *SRVPGM, CMD, ...), the IFS (/www/zendcore, /usr/local/Zend) and DB2 UDB.
Tip: PASE Apache prefork start/stop

• Good PASE Apache settings
  <IfModule prefork.c>
    StartServers         5
    MinSpareServers      5
    MaxSpareServers     25
    MaxClients          25
    MaxRequestsPerChild  0
  </IfModule>
• Keep the same
  – StartServers == MinSpareServers
  – MaxSpareServers == MaxClients
• Leave as zero or a very high count
  – MaxRequestsPerChild 0
     • Never end the worker job

Diagram: HTTP:89 Server (Reverse Proxy) in front of a pool of HTTP:8000 Server jobs.

Avoid PASE Apache bad prefork settings.
The machine will prefork to "death"!
Tip: Apache "chroot"

• Apache security consultants may recommend chroot to a new
  directory that cannot access other commands on the system.
• This approach is not recommended for PASE Apache
  – The qsys file system will no longer be accessible
     • PHP interoperability with ILE becomes increasingly difficult
  – The /QOpenSys file system contains PASE "shared binaries" used by Apache
     • A chroot below /QOpenSys may be the only way to run without a "difficult" copy of the
       runtime for your PASE Apache engine

Apache chroot not recommended (security to failure)!
php.ini configuration

/usr/local/Zend/Core/etc/php.ini
php.ini Settings
• safe_mode = On/Off
  – Zend Core default: safe_mode = Off
  – When safe_mode is enabled, PHP scripts are able to access files only
    when their owner is the owner of the PHP script. This was one of the most
    important security mechanisms built into PHP: it counteracts
    unauthorized attempts to access system files and adds many restrictions that
    make unauthorized access more difficult. (Caveat: safe_mode was deprecated in
    PHP 5.3 and removed in PHP 5.4, and it was never a complete security boundary,
    so treat it as one layer alongside object authority, not as the answer.)
• safe_mode_gid = On/Off
  – Zend Core default: safe_mode_gid = Off
  – When safe_mode is turned on and safe_mode_gid is also turned on, PHP scripts
    are able to access files not only when the UIDs are the same, but also when the
    group of the owner of the PHP script is the same as the group of the
    owner of the file (a GID check instead of the stricter UID check).

  – Utility concerns:
     • <?php echo shell_exec('PASE-utility-that-steals-from-the-system'); ?>
     • <?php echo `system 'CALL PGM-THAT-STEALS-FROM-THE-SYSTEM'`; ?>
php.ini Settings
• open_basedir = directory[:...]
  – Zend Core default: not active (comment only in php.ini)
  – When the open_basedir parameter is enabled, PHP will be able to access
    only those files which are placed in the specified directories (and
    subdirectories).
• safe_mode_exec_dir = directory[:...]
  – Zend Core default: safe_mode_exec_dir =
  – When safe_mode is turned on, system(), exec() and other functions that
    execute system programs will refuse to start those programs if they are
    not placed in the specified directory.

  – More utility concerns:
     • <?php echo $_POST['textFromEvilUserStealFromSystem']; ?>
         – Where the HTML form data (textarea) was ...
           » $_POST['textFromEvilUserStealFromSystem'] =
           » "shell_exec(\"system 'do something bad'\")";
php.ini Settings

• display_errors = On/Off
  – Zend Core default: display_errors = Off
  – If the display_errors parameter is turned off, PHP errors and warnings are not
    displayed. Because such warnings often reveal precious
    information like path names, SQL queries etc., it is strongly
    recommended to turn this parameter off on production servers.

Do not turn display_errors On (default Off); instead
check /usr/local/Zend/Core/logs/php_error_log
php.ini Settings

• log_errors = On
  – Zend Core default: log_errors = On
  – When log_errors is turned on, all warnings and errors are logged to the file
    specified by the error_log parameter. If this file is not accessible,
    information about warnings and errors is logged by the Apache server.
• error_log = filename
  – Zend Core default: error_log = /usr/local/Zend/Core/logs/php_error_log
  – This parameter specifies the name of the file which will be used to store
    information about warnings and errors (attention: this file must be writable by
    the user or group the Apache server runs under, here nobody / nogroup).

Do not turn display_errors On (default Off);
error_log = /usr/local/Zend/Core/logs/php_error_log
php.ini Settings

• expose_php = On/Off
  – Zend Core default: expose_php = On
  – Turning off the "expose_php" parameter means that PHP will not disclose
    information about itself in the HTTP headers that are sent to clients in
    responses to web requests.

PHP security by obscurity.
php.ini Settings
• register_globals = On/Off
  – Zend Core default: register_globals = Off
  – When the register_globals parameter is turned on, all the EGPCS
    (Environment, GET, POST, Cookie and Server) variables are automatically
    registered as global variables. Because it can pose a serious security
    threat, it is strongly recommended to turn this parameter off (starting
    from PHP version 4.2.0, this parameter is turned off by default)

// need a "register" global variable? Register just the one you need:
gpost('gvar');                 // bind $gvar to $_POST['gvar'] ('' if absent)
$gvar = "Hi";                  // assignment writes through the reference
echo "$gvar {$_POST['gvar']} {$GLOBALS['gvar']}";
function gpost($var)
{ if (!array_key_exists($var, $_POST)) $_POST[$var] = '';
  $GLOBALS[$var] = &$_POST[$var]; }
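The php.ini slides above list the shipped values and the ones you want in production. As an added example, not part of the presentation, this script audits a php.ini value set against those recommendations. Run it from the PASE command line (php -f) or once through the browser and then delete it, since it reveals configuration; the open_basedir value is an assumption for a Zend Core layout.

```php
<?php
// Added example, not code from the original presentation: compare PHP
// configuration against the settings discussed on the php.ini slides.
// Assumption: open_basedir should cover only the Zend Core document root.

function expected_php_settings()
{
    return array(
        'display_errors'   => '0',   // never show errors to the browser ...
        'log_errors'       => '1',   // ... log them instead
        'error_log'        => '/usr/local/Zend/Core/logs/php_error_log',
        'expose_php'       => '0',   // no PHP version in response headers
        'register_globals' => '0',   // EGPCS must not become globals
        'open_basedir'     => '/www/zendcore/htdocs',
    );
}

// php.ini accepts many spellings for booleans ("On", "1", "yes", "true");
// fold them to "0"/"1" so they can be compared reliably.
function normalise_ini_value($value)
{
    $v = strtolower(trim((string)$value));
    if (in_array($v, array('1', 'on', 'yes', 'true'), true))              return '1';
    if (in_array($v, array('', '0', 'off', 'no', 'false', 'none'), true)) return '0';
    return $v;
}

// Returns a list of findings; an empty list means the configuration matches.
// With no $actual map the running interpreter is audited through ini_get();
// a map (for example the result of parse_ini_file()) can be audited instead.
function audit_php_ini(array $expected, array $actual = null)
{
    $findings = array();
    foreach ($expected as $directive => $want) {
        if ($actual === null) {
            $have = ini_get($directive);
            if ($have === false) { $findings[] = "$directive: unknown directive"; continue; }
        } else {
            $have = isset($actual[$directive]) ? $actual[$directive] : '';
        }
        $is_bool  = in_array($want, array('0', '1'), true);
        $cmp_have = $is_bool ? normalise_ini_value($have) : trim((string)$have);
        if ($directive === 'open_basedir' && $cmp_have === '') {
            $findings[] = 'open_basedir: not set (PHP may read any file the NOBODY profile can)';
        } elseif ($cmp_have !== $want) {
            $findings[] = "$directive: is '$have', expected '$want'";
        }
    }
    return $findings;
}

// Constructed sample: the Zend Core 2.6.1 defaults as listed on the slides
// (open_basedir is only a comment in the shipped php.ini, so it is absent).
$zend_core_defaults = array(
    'display_errors'   => 'Off',
    'log_errors'       => 'On',
    'error_log'        => '/usr/local/Zend/Core/logs/php_error_log',
    'expose_php'       => 'On',
    'register_globals' => 'Off',
);
foreach (audit_php_ini(expected_php_settings(), $zend_core_defaults) as $finding) {
    echo $finding, "\n";
}
// To audit the live interpreter instead, omit the second argument:
// foreach (audit_php_ini(expected_php_settings()) as $finding) echo $finding, "\n";
```

Against the shipped defaults the audit flags expose_php and the missing open_basedir, which matches the two settings the slides say to change.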
PHP programming

/www/zendcore/htdocs/*
Programming APIs
• i5_*() APIs
  – Connect
  – CMD call
  – PGM/SRVPGM call
  – SQL access
  – Native file access
  – Data areas / queues
  – User space
  – Print/Spool
  – Job logs
  – Active jobs
  – Object list
• db2_*() APIs
  – Connect
  – Results
  – Commit/Rollback
  – Fetch
  – Statement
  – Stored procedure call
  – Meta Data
     • Column
     • Table
     • Field
     • Info

Files or programs with PUBLIC *USE or *ALL:
hackers will have an easier job!
PHP general (information abounds)
• Most important rule: never trust user input
  – Always check user input from HTML forms
  – Always check input to SQL
• There are many sites that explain PHP security practices that you can read
  to "know your enemy"
  – http://www.ipbwiki.com/Practical_PHP_Programming:Security_concerns
  – php.ini settings (previous section)
  – Don't use PHP eval on user data
     • <?php eval($_POST['HackerDelight']); ?>
  – Don't allow the user to specify PHP include names
     • http://myi.php
     • <?php include($_GET['include']); ?>
  – Don't use include names that can be read by URL (.inc, etc.)
     • https://myi5/secretstuff.inc
  – Don't allow the user to SQL inject your database (db2 section)
     • db2_exec($conn, $_POST['DropSchemaPayroll;...']);
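The rules above say what not to do; this added example (not code from the presentation) shows the other side: validating form fields against explicit patterns and resolving a user-supplied page name through an allowlist instead of handing it to include(). Page names and paths are assumptions.

```php
<?php
// Added example, not code from the original presentation: the "never trust
// user input" rules as working checks. Paths and page names are assumptions.

// Only these pages may ever be included; the browser supplies a name, never a path.
function page_allowlist()
{
    return array(
        'home'    => '/www/zendcore/htdocs/pages/home.inc.php',
        'account' => '/www/zendcore/htdocs/pages/account.inc.php',
    );
}

// Returns the file to include for a requested page name, or null when the
// name is not allowlisted. "../", absolute paths, URLs and PHP stream wrappers
// never reach include() because only allowlisted values are ever used.
function resolve_page($requested, array $allowlist)
{
    if (!is_string($requested)) {
        return null;
    }
    return isset($allowlist[$requested]) ? $allowlist[$requested] : null;
}

// Form validation: each field has a pattern and a length limit. Returns the
// list of errors; an empty list means the input is acceptable.
function validate_form(array $input)
{
    $rules = array(
        'email'   => array('/^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/', 254),
        'account' => array('/^[0-9]{6,10}$/', 10),       // numeric account id only
    );
    $errors = array();
    foreach ($rules as $field => $rule) {
        list($pattern, $max) = $rule;
        if (!isset($input[$field]) || !is_string($input[$field])) {
            $errors[] = "$field: missing";
            continue;
        }
        $value = $input[$field];
        if (strlen($value) > $max || !preg_match($pattern, $value)) {
            $errors[] = "$field: rejected";
        }
    }
    return $errors;
}

// Anything echoed back into HTML is escaped so markup in the input stays inert.
function h($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

function check($ok, $label)
{
    if (!$ok) { throw new RuntimeException("check failed: $label"); }
}

// Constructed requests standing in for $_GET / $_POST:
$good = array('email' => 'fred@example.com', 'account' => '00123456');
$bad  = array('email' => "' or 1=1 --",      'account' => '1; DROP SCHEMA PAYROLL');

check(resolve_page('account', page_allowlist()) !== null, 'allowlisted page resolves');
check(resolve_page('../../../usr/local/Zend/Core/etc/php.ini', page_allowlist()) === null, 'traversal refused');
check(resolve_page('http://evil.example/shell.txt', page_allowlist()) === null, 'remote include refused');
check(validate_form($good) === array(), 'well-formed input accepted');
check(validate_form($bad)  !== array(), 'injection-shaped input rejected');
check(strpos(h('<script>'), '<') === false, 'output escaped');
echo "input handling checks passed\n";
```

Validation here is allowlisting (what a value must look like), not blacklisting of attack strings; the SQL side of the same rule is covered by parameter markers in the db2_prepare section.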
Toolkit - i5_(p)connect()

• i5_pconnect(Server, User, Password [, array Options])
  – Server – "", "localhost" or "127.0.0.1"
  – User – "" or "uid"
     • "" – NOBODY profile
  – Password – "" or "password"
  – Options –
     • I5_OPTIONS_PRIVATE_CONNECTION
• Return:
  – IBM i connection
  – or false on failure
• i5_pconnect("","","")
  – Fewer EASYCOM jobs

Diagram: with i5_pconnect("", "", "") the HTTP:8000 Server jobs share EASYCOM SRVPGM / PGM / CMD jobs; with I5_OPTIONS_PRIVATE_CONNECTION each HTTP:8000 Server job gets a private EASYCOM job.

Use pconnect over connect,
avoid start/stop job stress!
ibm_db2 - db2_(p)connect()

• db2_pconnect(Database, User, Password [, array Options])
  – Database – "", "*LOCAL", "IASP", "10.1.5.13"
  – User – "", "NOBODY", "SOMEUSER"
  – Password – "", "PASSWORD"
• Return:
  – IBM i DB2 connection
  – or false on failure
• db2_pconnect("","","")
  – No QSQSRVR jobs
• db2_pconnect(..., "NOBODY", "")
  – Shared QSQSRVR jobs

Diagram: with db2_pconnect("*LOCAL", "NOBODY", "") each HTTP:8000 Server job uses QSQSRVR jobs (NOBODY) to reach DB2 UDB; with db2_pconnect("", "", "") the HTTP:8000 Server job reaches DB2 UDB without QSQSRVR jobs.

No "click" route, so do not commit across "clicks"!
Apache "stateless" ...

Diagram: browsers for FRED, TOM, JEN and LIZA arrive at myi:89 (HTTP:89 Server, Reverse Proxy, running as QTMHHTTP) or directly at myi:8000, and each click may be answered by a different HTTP:8000 Server job (NOBODY / NOGROUP). With i5_pconnect("localhost", "uid", "pwd") every HTTP:8000 job holds its own EASYCOM jobs per UID (FRED, TOM, JEN, LIZA; TOM's is private); with db2_pconnect("", "uid", "pwd") every HTTP:8000 job holds its own QSQSRVR jobs per UID.

... no "click" has a consistent route (TOM i5 private)
Connect *.inc best intentions,
terrible results ...
     /www/zendcore/htdocs/iconnect.inc

     <?php
     function db2ConnPayroll()
     { return db2_pconnect("*LOCAL", "PAY", "RGFJ183G"); }
     function i5ConnectCreditCards()
     { return i5_pconnect("localhost", "CREDIT", "FDRS453Y"); }
     ?>

• Browser http://myi:8000/iconnect.inc
  – Up pops the source code for iconnect.inc, because "*.inc" is just a
    file, not a PHP program
  – "You've been hacked!"
• Instead use ...
  – /www/zendcore/htdocs/iconnect.inc.php
• Also ... /www/zendcore/htdocs/*
  – PUBLIC *EXCLUDE
Better connect Apache env vars ...
  /usr/local/Zend/apache2/conf/httpd.conf
  # Password PC should be encrypted (MCrypt)
  SetEnv UC CREDIT
  SetEnv PC FDRS453Y

  /www/zendcore/htdocs/iconnect.inc.php
  <?php
  $cc = $_SERVER['UC']; $pc = $_SERVER['PC'];
  function i5ConnectCreditCards()
  { global $cc, $pc;
    return i5_pconnect("localhost", $cc, $pc); }
  ?>

• /usr/local/Zend/apache2/conf/httpd.conf
  – VERY limited access and PUBLIC *EXCLUDE
  – Include conf/password.conf
• /www/zendcore/htdocs/iconnect.inc.php
  – For better security add encrypt / decrypt for $_SERVER['PC']
     • See PECL extension MCrypt
  – Note: anything in $_SERVER is shown by phpinfo(), so never leave a phpinfo()
    page on a production server
db2_pconnect and library list ...
 $uid = $_SERVER['DB2UID']; $pwd = $_SERVER['DB2PWD'];
 $opt = array("i5_naming" => DB2_I5_NAMING_ON);
 // who are you?
 if (isset($_SESSION['bigwig'])) $opt["i5_libl"] = "BIGDEAL LILDEAL";
 else $opt["i5_libl"] = "LILDEAL";
 $con = db2_pconnect("*LOCAL", $uid, $pwd, $opt);
 // access the correct data
 $result = db2_exec($con, "select * from accounts");

– "i5_libl" => "BIGDEAL LILDEAL"
       • call qsys2.qcmdexc('cmd', len)
       • CHGLIBL LIBL(BIGDEAL LILDEAL) CURLIB(BIGDEAL)
– Query known based on $_SESSION['bigwig']
       What if our script dies during a BIGDEAL library list
          query (or times out)? Hopefully, no other PHP script
          has "select * from accounts"
i5_pconnect and library list ...
   $uid = $_SERVER['DB2UID']; $pwd = $_SERVER['DB2PWD'];
   $conn = i5_pconnect("localhost", $uid, $pwd);
   if (isset($_SESSION['bigwig']))
   { i5_command("chglibl", array("libl" => "BIGDEAL LILDEAL"), array(), $conn);
   }
   else
   { i5_command("chglibl", array("libl" => "LILDEAL"), array(), $conn);
   }

– "libl" => "BIGDEAL LILDEAL"
        • CHGLIBL
– Query known based on $_SESSION['bigwig']
        What if our script dies during a BIGDEAL library list
          query (or times out)? Hopefully, no other PHP script
          has "select * from accounts"
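Both the db2_pconnect and the i5_pconnect library-list slides above end on the same worry: a persistent QSQSRVR or EASYCOM job outlives the script that set its library list, so a BIGDEAL list left behind by a dead or timed-out script can be inherited by the next, unrelated, click. The following added example (not code from the presentation) closes that gap two ways: the library list is decided from the session and applied on every request, and the SQL qualifies the table with its library so the answer does not depend on the job's library list at all. Library, table and profile names are assumptions.

```php
<?php
// Added example, not code from the original presentation: library list per
// request, for both ibm_db2 and the i5 toolkit. Names are assumptions.

function libraries_for_session(array $session)
{
    // One place decides, re-evaluated per request; only these two lists exist.
    return !empty($session['bigwig']) ? array('BIGDEAL', 'LILDEAL') : array('LILDEAL');
}

// Library names are system identifiers, never user input, but guard them so a
// bug elsewhere cannot turn the i5_libl option or CHGLIBL into an injection.
function assert_valid_library_names(array $libs)
{
    foreach ($libs as $lib) {
        if (!preg_match('/^[A-Z][A-Z0-9_]{0,9}$/', $lib)) {
            throw new InvalidArgumentException("bad library name: $lib");
        }
    }
    return $libs;
}

// db2_pconnect options: i5_libl is passed on every call, replacing whatever a
// previous script left in the reused job. DB2_I5_NAMING_ON is the ibm_db2
// constant; the fallback 1 is an assumption so this file runs where the
// extension is not loaded.
function db2_options_for_session(array $session)
{
    $libs = assert_valid_library_names(libraries_for_session($session));
    return array(
        'i5_naming' => defined('DB2_I5_NAMING_ON') ? DB2_I5_NAMING_ON : 1,
        'i5_libl'   => implode(' ', $libs),
    );
}

// Toolkit equivalent: run CHGLIBL on every request, for the small list too,
// instead of only on the path that needs the extra library.
function i5_chglibl_for_session($conn, array $session)
{
    $libs = assert_valid_library_names(libraries_for_session($session));
    return i5_command('chglibl', array('libl' => implode(' ', $libs)), array(), $conn);
}

// Library-qualified SQL (system naming): correct whichever job answers.
function accounts_query(array $session)
{
    $libs = assert_valid_library_names(libraries_for_session($session));
    return 'select * from ' . $libs[0] . '/ACCOUNTS';
}

// Constructed sessions standing in for $_SESSION:
$bigwig = array('bigwig' => true);
$clerk  = array();

$o = db2_options_for_session($bigwig);
if ($o['i5_libl'] !== 'BIGDEAL LILDEAL'
    || accounts_query($clerk) !== 'select * from LILDEAL/ACCOUNTS') {
    throw new RuntimeException('library list decision is wrong');
}

// Real use on IBM i; skipped where ibm_db2 is not loaded.
if (function_exists('db2_pconnect')) {
    $con  = db2_pconnect('*LOCAL', $_SERVER['DB2UID'], $_SERVER['DB2PWD'],
                         db2_options_for_session($clerk));
    $stmt = $con ? db2_exec($con, accounts_query($clerk)) : false;
}
echo "library list per request: ok\n";
```

The stronger fix the later slide recommends still applies: give the two data sets separate profiles so that object authority, not the library list, decides who sees BIGDEAL.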
"i5_naming" => choice/problem ...
  // alternates naming modes on the same profile's persistent connection: do not do this
  for ($i = 1; $i < 21; $i++)
  { $modulus = $i % 2;
    if (!$modulus)
    { $opt = array("i5_naming" => DB2_I5_NAMING_ON, "i5_libl" => "BIGDEAL");
      $conn = db2_pconnect("*LOCAL", "DB2", "SECRET", $opt);
    }
    else
    { $opt = array("i5_naming" => DB2_I5_NAMING_OFF, "i5_lib" => "LILDEAL");
      $conn = db2_pconnect("*LOCAL", "DB2", "SECRET", $opt);
    }
  }

• Do not attempt to mix naming in the same profile
  – "i5_naming" => DB2_I5_NAMING_ON (lib/table)
  – "i5_naming" => DB2_I5_NAMING_OFF (lib.table)
• Use separate profiles for each naming
  – db2_pconnect("*LOCAL", "DB2NATIVE", "SECRET", $opt);
  – db2_pconnect("*LOCAL", "DB2SQL", "SECRET", $opt);
Use db2_prepare/db2_execute,
(and i5_prepare/i5_execute)
  // db2_exec is unsafe ...
    $statement = "select email, password, access from eaccounts
     where email='{$_POST['email']}' and password='{$_POST['password']}'";
    $stmt = db2_exec($conn, $statement);
  // db2_exec is hacked by "' or 1=1 --" and the first row returns (CTO's record)
    $row = db2_fetch_array($stmt);
  // db2_prepare / db2_execute is safer (note the bare ? markers: a quoted '?' is a literal string)
    $userData = array($_POST['email'], $_POST['password']);
    $statement = "select email, password, access from eaccounts
     where email=? and password=?";
    $stmt = db2_prepare($conn, $statement);
    $isok = db2_execute($stmt, $userData);
    $row = db2_fetch_array($stmt);

• Hacked by the single-line comment delimiter (--).
  – $_POST['email'] = "' or 1=1 --";
  – $_POST['password'] = "";
     • select email, password, access from eaccounts where email='' or
       1=1 --' and password=''
• With ? parameter markers the user data is bound as values after DB2 has
  parsed the statement, so it can never change the WHERE clause; this is what
  avoids the SQL injection attack (i5_query has inject detect)
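As an added example (not code from the presentation), the login query from the slide above is shown in its injectable form, used only to print the statement the attacker's input produces, next to the parameter-marker form wrapped in a function that returns the matching row or false. Table and column names come from the slide; the error handling and the duplicate-row check are assumptions about how you want failures reported.

```php
<?php
// Added example, not code from the original presentation: the slide's login
// query, vulnerable and parameterised, side by side.

// Vulnerable: builds the concatenated statement for a given input. It is not
// executed here; it exists to show what db2_exec would have been handed.
function unsafe_login_sql($email, $password)
{
    return "select email, password, access from eaccounts"
         . " where email='$email' and password='$password'";
}

// Safer: the markers are bare (email=? not email='?'; a quoted ? is a
// one-character string literal). DB2 parses the statement first and the
// values are bound afterwards as data, so they cannot alter the WHERE clause.
function login($conn, $email, $password)
{
    $sql  = 'select email, password, access from eaccounts where email=? and password=?';
    $stmt = db2_prepare($conn, $sql);
    if ($stmt === false) {
        error_log('db2_prepare failed: ' . db2_stmt_errormsg());   // goes to php_error_log
        return false;
    }
    if (!db2_execute($stmt, array($email, $password))) {
        error_log('db2_execute failed: ' . db2_stmt_errormsg($stmt));
        return false;
    }
    $row = db2_fetch_assoc($stmt);
    // A second matching row means the data is inconsistent; refuse rather than
    // silently taking the first record, which is exactly what the injected
    // db2_exec query did.
    if ($row !== false && db2_fetch_assoc($stmt) !== false) {
        return false;
    }
    return $row;
}

// Constructed attacker input from the slide:
$email    = "' or 1=1 --";
$password = '';

// What db2_exec would have run (the "--" comments out the password test):
echo unsafe_login_sql($email, $password), "\n";

// Real use on IBM i; skipped where ibm_db2 is not loaded. With markers the
// string "' or 1=1 --" is compared against the email column as a value.
if (function_exists('db2_pconnect')) {
    $conn = db2_pconnect('*LOCAL', $_SERVER['DB2UID'], $_SERVER['DB2PWD']);
    $row  = $conn ? login($conn, $email, $password) : false;
    echo $row === false ? "login refused\n" : "login accepted\n";
}
```

Keep the error text in php_error_log and out of the response: with display_errors Off, the failed statement and its parameters never reach the browser.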
Tip: PHP/DB2 with 65535
• Issue: PHP scripts getting "junk" back from their DB2 SQL queries. The root
  problem is often the QCCSID setting 65535 (binary default from
  manufacturing)
• Change CCSID before starting Apache
  – 0) sign on as QSECOFR
  – 1) go zendcore/zcmenu -> stop apache
  – 2) CHGJOB LANGID(ENU) CNTRYID(US) CCSID(37)
  – 3) go zendcore/zcmenu -> start apache

PHP/DB2 does not work well with the default 65535 (binary) CCSID setting. Most
PHP applications experience what appears to be junk returning in SQL queries
(VARCHAR, CHAR, etc.). Change your CCSID to something other than 65535
and restart the Zend Core Apache.
Tip: DB2 – Schema (info) ...

• On DB2 UDB for iSeries, a schema is used to group related database
  objects. A DB2 UDB for iSeries schema is actually a collection of DB2
  objects and OS/400 objects. When the CREATE SCHEMA statement is
  executed, the following objects are created:
  – OS/400 library
  – OS/400 journal and journal receiver
  – DB2 views containing the schema-wide catalog
• This collection of objects in the schema provides the container for storing
  related DB2 objects and the journal objects needed for enabling recovery
  of database changes to these DB2 objects.

Use schemas (libraries) created with the SQL statement CREATE SCHEMA rather than
CRTLIB to enable journaling. The ibm_db2 commit APIs will not function without
journaling enabled in the schema (library). In addition, some ibm_db2 BLOB/CLOB
scenarios require journaling enabled.
MySQL quick management

• phpMyAdmin – Manage MySQL from the web
  – http://www.phpmyadmin.net/home_page/index.php
     • Privileges tab
         – users/access rights
     • Manage databases, tables, etc.
• MySQL GUI tools (client / server)
  – Configurations: secure, tunnel, etc.
     • http://forums.mysql.com/read.php?30,249779,249779
• Directory
  – Zend
     • /usr/local/mysql
  – Upgrades (5.1 recommended)
     • /QOpenSys/usr/local
Misc

• DB2 auditing
  – http://www.itjungle.com/fhg/fhg020806-story02.html
  – http://search400.techtarget.com/news/article/0,289142,sid3_gci1189820,00.html
     • Tango/04
• PCI Apache PTFs
  – V5R4 - SF99114-20 SI35761, SI35762 Apache 2.0.63
  – V6R1 - SF99115-9 SI35767, SI35764, SI35768 Apache 2.2.11
  – Zend Core 2.6.1
Trademarks and Disclaimers
© IBM Corporation 1994-2006. All rights reserved.
References in this document to IBM products or services do not imply that IBM intends to make them available in every country.

The following terms are trademarks of International Business Machines Corporation in the United States, other countries, or both:

AS/400, AS/400e, eServer, e-business on demand, IBM, IBM (logo), iSeries, IBM i, OS/400, System i5, ZendCore
Rational is a trademark of International Business Machines Corporation and Rational Software Corporation in the United States, other countries, or both.
Intel, Intel Logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered
   trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
Linux is a trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Other company, product or service names may be trademarks or service marks of others.

Information is provided "AS IS" without warranty of any kind.

All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual
environmental costs and performance characteristics may vary by customer.

Information concerning non-IBM products was obtained from a supplier of these products, published announcement material, or other publicly available sources and does
not constitute an endorsement of such products by IBM. Sources for non-IBM list prices and performance numbers are taken from publicly available information, including
vendor announcements and vendor worldwide homepages. IBM has not tested these products and cannot confirm the accuracy of performance, capability, or any other
claims related to non-IBM products. Questions on the capability of non-IBM products should be addressed to the supplier of those products.

All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. Contact your local
IBM office or IBM authorized reseller for the full text of the specific Statement of Direction.

Some information addresses anticipated future capabilities. Such information is not intended as a definitive statement of a commitment to specific levels of performance,
function or delivery schedules with respect to any future products. Such commitments are only made in IBM product announcements. The information is presented here to
communicate IBM's current investment and development activities as a good faith effort to help with our customers' future planning.

Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user
will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration,
and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput or performance improvements equivalent to the ratios
stated here.

Weitere ähnliche Inhalte

Was ist angesagt?

PHP Toolkit from Zend and IBM: Open Source on IBM i
PHP Toolkit from Zend and IBM: Open Source on IBM iPHP Toolkit from Zend and IBM: Open Source on IBM i
PHP Toolkit from Zend and IBM: Open Source on IBM iAlan Seiden
 
Php Dependency Management with Composer ZendCon 2016
Php Dependency Management with Composer ZendCon 2016Php Dependency Management with Composer ZendCon 2016
Php Dependency Management with Composer ZendCon 2016Clark Everetts
 
PHP Batch Jobs on IBM i
PHP Batch Jobs on IBM iPHP Batch Jobs on IBM i
PHP Batch Jobs on IBM iAlan Seiden
 
Running open source PHP applications on you IBM i
Running open source PHP applications on you IBM iRunning open source PHP applications on you IBM i
Running open source PHP applications on you IBM iProximity Group
 
Install MariaDB on IBM i - Tips, troubleshooting, and more
Install MariaDB on IBM i - Tips, troubleshooting, and moreInstall MariaDB on IBM i - Tips, troubleshooting, and more
Install MariaDB on IBM i - Tips, troubleshooting, and moreRod Flohr
 
From Zero to ZF: Your first zend framework project on ibm i
From Zero to ZF: Your first zend framework project on ibm iFrom Zero to ZF: Your first zend framework project on ibm i
From Zero to ZF: Your first zend framework project on ibm iAlan Seiden
 
Create a welcoming development environment on IBM i
Create a welcoming development environment on IBM iCreate a welcoming development environment on IBM i
Create a welcoming development environment on IBM iAlan Seiden
 
Fundamentals of performance tuning PHP on IBM i
Fundamentals of performance tuning PHP on IBM i  Fundamentals of performance tuning PHP on IBM i
Fundamentals of performance tuning PHP on IBM i Zend by Rogue Wave Software
 
Zend con 2016 bdd with behat for beginners
Zend con 2016   bdd with behat for beginnersZend con 2016   bdd with behat for beginners
Zend con 2016 bdd with behat for beginnersAdam Englander
 
Zend_Cache: how to improve the performance of PHP applications
Zend_Cache: how to improve the performance of PHP applicationsZend_Cache: how to improve the performance of PHP applications
Zend_Cache: how to improve the performance of PHP applicationsEnrico Zimuel
 
Zend Products and PHP for IBMi
Zend Products and PHP for IBMi  Zend Products and PHP for IBMi
Zend Products and PHP for IBMi Shlomo Vanunu
 
IBM i: Fertile Ground for PHP Developers
IBM i: Fertile Ground for PHP DevelopersIBM i: Fertile Ground for PHP Developers
IBM i: Fertile Ground for PHP DevelopersAlan Seiden
 
Get Started with Zend Framework 2
Get Started with Zend Framework 2Get Started with Zend Framework 2
Get Started with Zend Framework 2Mindfire Solutions
 
What is new in Notes & Domino Deleopment V10.x
What is new in Notes & Domino Deleopment V10.xWhat is new in Notes & Domino Deleopment V10.x
What is new in Notes & Domino Deleopment V10.xUlrich Krause
 
Hey My Web App is Slow Where is the Problem
Hey My Web App is Slow Where is the ProblemHey My Web App is Slow Where is the Problem
Hey My Web App is Slow Where is the ProblemColdFusionConference
 
Sizing your alfresco platform
Sizing your alfresco platformSizing your alfresco platform
Sizing your alfresco platformLuis Cabaceira
 
Scale ColdFusion with Terracotta Distributed Caching for Ehchache
Scale ColdFusion with Terracotta Distributed Caching for EhchacheScale ColdFusion with Terracotta Distributed Caching for Ehchache
Scale ColdFusion with Terracotta Distributed Caching for EhchacheColdFusionConference
 

Was ist angesagt? (20)

PHP Toolkit from Zend and IBM: Open Source on IBM i
PHP Toolkit from Zend and IBM: Open Source on IBM iPHP Toolkit from Zend and IBM: Open Source on IBM i
PHP Toolkit from Zend and IBM: Open Source on IBM i
 
Php Dependency Management with Composer ZendCon 2016
Php Dependency Management with Composer ZendCon 2016Php Dependency Management with Composer ZendCon 2016
Php Dependency Management with Composer ZendCon 2016
 
PHP Batch Jobs on IBM i
PHP Batch Jobs on IBM iPHP Batch Jobs on IBM i
PHP Batch Jobs on IBM i
 
Running open source PHP applications on you IBM i
Running open source PHP applications on you IBM iRunning open source PHP applications on you IBM i
Running open source PHP applications on you IBM i
 
Install MariaDB on IBM i - Tips, troubleshooting, and more
Install MariaDB on IBM i - Tips, troubleshooting, and moreInstall MariaDB on IBM i - Tips, troubleshooting, and more
Install MariaDB on IBM i - Tips, troubleshooting, and more
 
From Zero to ZF: Your first zend framework project on ibm i
From Zero to ZF: Your first zend framework project on ibm iFrom Zero to ZF: Your first zend framework project on ibm i
From Zero to ZF: Your first zend framework project on ibm i
 
Create a welcoming development environment on IBM i
Create a welcoming development environment on IBM iCreate a welcoming development environment on IBM i
Create a welcoming development environment on IBM i
 
Fundamentals of performance tuning PHP on IBM i
Fundamentals of performance tuning PHP on IBM i  Fundamentals of performance tuning PHP on IBM i
Fundamentals of performance tuning PHP on IBM i
 
Zend con 2016 bdd with behat for beginners
Zend con 2016   bdd with behat for beginnersZend con 2016   bdd with behat for beginners
Zend con 2016 bdd with behat for beginners
 
Zend_Cache: how to improve the performance of PHP applications
Zend_Cache: how to improve the performance of PHP applicationsZend_Cache: how to improve the performance of PHP applications
Zend_Cache: how to improve the performance of PHP applications
 
Zend Products and PHP for IBMi
Zend Products and PHP for IBMi  Zend Products and PHP for IBMi
Zend Products and PHP for IBMi
 
IBM i: Fertile Ground for PHP Developers
IBM i: Fertile Ground for PHP DevelopersIBM i: Fertile Ground for PHP Developers
IBM i: Fertile Ground for PHP Developers
 
Get Started with Zend Framework 2
Get Started with Zend Framework 2Get Started with Zend Framework 2
Get Started with Zend Framework 2
 
Require js training
Require js trainingRequire js training
Require js training
 
What is new in Notes & Domino Deleopment V10.x
What is new in Notes & Domino Deleopment V10.xWhat is new in Notes & Domino Deleopment V10.x
What is new in Notes & Domino Deleopment V10.x
 
Hey My Web App is Slow Where is the Problem
Hey My Web App is Slow Where is the ProblemHey My Web App is Slow Where is the Problem
Hey My Web App is Slow Where is the Problem
 
Instant ColdFusion with Vagrant
Instant ColdFusion with VagrantInstant ColdFusion with Vagrant
Instant ColdFusion with Vagrant
 
Sizing your alfresco platform
Sizing your alfresco platformSizing your alfresco platform
Sizing your alfresco platform
 
Keep Applications Online
Keep Applications OnlineKeep Applications Online
Keep Applications Online
 
Scale ColdFusion with Terracotta Distributed Caching for Ehchache
Scale ColdFusion with Terracotta Distributed Caching for EhchacheScale ColdFusion with Terracotta Distributed Caching for Ehchache
Scale ColdFusion with Terracotta Distributed Caching for Ehchache
 

Andere mochten auch

PHP and Platform Independance in the Cloud
PHP and Platform Independance in the CloudPHP and Platform Independance in the Cloud
PHP and Platform Independance in the CloudZendCon
 
Why MySQL High Availability Matters
Why MySQL High Availability MattersWhy MySQL High Availability Matters
Why MySQL High Availability MattersMark Swarbrick
 
Framework Shootout
Framework ShootoutFramework Shootout
Framework ShootoutZendCon
 
Application Diagnosis with Zend Server Tracing
Application Diagnosis with Zend Server TracingApplication Diagnosis with Zend Server Tracing
Application Diagnosis with Zend Server TracingZendCon
 
MySQL Manchester TT - 5.7 Whats new
MySQL Manchester TT - 5.7 Whats newMySQL Manchester TT - 5.7 Whats new
MySQL Manchester TT - 5.7 Whats newMark Swarbrick
 
MySQL Optimizer Overview
MySQL Optimizer OverviewMySQL Optimizer Overview
MySQL Optimizer OverviewOlav Sandstå
 
MySQL Manchester TT - Security
MySQL Manchester TT  - SecurityMySQL Manchester TT  - Security
MySQL Manchester TT - SecurityMark Swarbrick
 
Oracle Compute Cloud Service快速实践
Oracle Compute Cloud Service快速实践Oracle Compute Cloud Service快速实践
Oracle Compute Cloud Service快速实践Zhaoyang Wang
 
A Storage Story #ChefConf2013
A Storage Story #ChefConf2013A Storage Story #ChefConf2013
A Storage Story #ChefConf2013Kyle Bader
 
MySQL Manchester TT - Replication Features
MySQL Manchester TT  - Replication FeaturesMySQL Manchester TT  - Replication Features
MySQL Manchester TT - Replication FeaturesMark Swarbrick
 
Tiery Eyed
Tiery EyedTiery Eyed
Tiery EyedZendCon
 
MySQL Tech Tour 2015 - 5.7 Connector/J/Net
MySQL Tech Tour 2015 - 5.7 Connector/J/NetMySQL Tech Tour 2015 - 5.7 Connector/J/Net
MySQL Tech Tour 2015 - 5.7 Connector/J/NetMark Swarbrick
 
Solving the C20K problem: Raising the bar in PHP Performance and Scalability
Solving the C20K problem: Raising the bar in PHP Performance and ScalabilitySolving the C20K problem: Raising the bar in PHP Performance and Scalability
Solving the C20K problem: Raising the bar in PHP Performance and ScalabilityZendCon
 
Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请Zhaoyang Wang
 
Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍Zhaoyang Wang
 
Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站Zhaoyang Wang
 
Planning for Synchronization with Browser-Local Databases
Planning for Synchronization with Browser-Local DatabasesPlanning for Synchronization with Browser-Local Databases
Planning for Synchronization with Browser-Local DatabasesZendCon
 

Andere mochten auch (20)

PHP and Platform Independance in the Cloud
PHP and Platform Independance in the CloudPHP and Platform Independance in the Cloud
PHP and Platform Independance in the Cloud
 
Why MySQL High Availability Matters
Why MySQL High Availability MattersWhy MySQL High Availability Matters
Why MySQL High Availability Matters
 
Framework Shootout
Framework ShootoutFramework Shootout
Framework Shootout
 
Application Diagnosis with Zend Server Tracing
Application Diagnosis with Zend Server TracingApplication Diagnosis with Zend Server Tracing
Application Diagnosis with Zend Server Tracing
 
MySQL Manchester TT - 5.7 Whats new
MySQL Manchester TT - 5.7 Whats newMySQL Manchester TT - 5.7 Whats new
MySQL Manchester TT - 5.7 Whats new
 
MySQL Optimizer Overview
MySQL Optimizer OverviewMySQL Optimizer Overview
MySQL Optimizer Overview
 
MySQL Manchester TT - Security
MySQL Manchester TT  - SecurityMySQL Manchester TT  - Security
MySQL Manchester TT - Security
 
Oracle Compute Cloud Service快速实践
Oracle Compute Cloud Service快速实践Oracle Compute Cloud Service快速实践
Oracle Compute Cloud Service快速实践
 
Script it
Script itScript it
Script it
 
A Storage Story #ChefConf2013
A Storage Story #ChefConf2013A Storage Story #ChefConf2013
A Storage Story #ChefConf2013
 
MySQL Manchester TT - Replication Features
MySQL Manchester TT  - Replication FeaturesMySQL Manchester TT  - Replication Features
MySQL Manchester TT - Replication Features
 
Tiery Eyed
Tiery EyedTiery Eyed
Tiery Eyed
 
MySQL in your laptop
MySQL in your laptopMySQL in your laptop
MySQL in your laptop
 
MySQL Tech Tour 2015 - 5.7 Connector/J/Net
MySQL Tech Tour 2015 - 5.7 Connector/J/NetMySQL Tech Tour 2015 - 5.7 Connector/J/Net
MySQL Tech Tour 2015 - 5.7 Connector/J/Net
 
Solving the C20K problem: Raising the bar in PHP Performance and Scalability
Solving the C20K problem: Raising the bar in PHP Performance and ScalabilitySolving the C20K problem: Raising the bar in PHP Performance and Scalability
Solving the C20K problem: Raising the bar in PHP Performance and Scalability
 
Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请Oracle cloud ravello介绍及测试账户申请
Oracle cloud ravello介绍及测试账户申请
 
Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍Oracle Compute Cloud Service介绍
Oracle Compute Cloud Service介绍
 
Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站Oracle cloud 使用云市场快速搭建小型电商网站
Oracle cloud 使用云市场快速搭建小型电商网站
 
MySQL Clusters
MySQL ClustersMySQL Clusters
MySQL Clusters
 
Planning for Synchronization with Browser-Local Databases
Planning for Synchronization with Browser-Local DatabasesPlanning for Synchronization with Browser-Local Databases
Planning for Synchronization with Browser-Local Databases
 

Ähnlich wie Zend Core on IBM i - Security Considerations

Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsMichael Zhang
 
Securing Your Webserver By Pradeep Sharma
Securing Your Webserver By Pradeep SharmaSecuring Your Webserver By Pradeep Sharma
Securing Your Webserver By Pradeep SharmaOSSCube
 
Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeWO Community
 
Linux sever building
Linux sever buildingLinux sever building
Linux sever buildingEdmond Yu
 
Linux advanced concepts - Part 2
Linux advanced concepts - Part 2Linux advanced concepts - Part 2
Linux advanced concepts - Part 2NAILBITER
 
Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)Richard Donkin
 
Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0guest72e8c1
 
Micro Datacenter & Data Warehouse
Micro Datacenter & Data WarehouseMicro Datacenter & Data Warehouse
Micro Datacenter & Data Warehousemdcdwh
 
Automação do físico ao NetSecDevOps
Automação do físico ao NetSecDevOpsAutomação do físico ao NetSecDevOps
Automação do físico ao NetSecDevOpsRaul Leite
 
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...Nagios
 
OpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and WindowsOpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and WindowsAlessandro Pilotti
 
Deployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS LinuxDeployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS LinuxWO Community
 
Installation of LAMP Server with Ubuntu 14.10 Server Edition
Installation of LAMP Server with Ubuntu 14.10 Server EditionInstallation of LAMP Server with Ubuntu 14.10 Server Edition
Installation of LAMP Server with Ubuntu 14.10 Server EditionSammy Fung
 
Your Inner Sysadmin - LonestarPHP 2015
Your Inner Sysadmin - LonestarPHP 2015Your Inner Sysadmin - LonestarPHP 2015
Your Inner Sysadmin - LonestarPHP 2015Chris Tankersley
 
Using Service Oriented Operation and Provisioning at Financial Times
Using Service Oriented Operation and Provisioning at Financial TimesUsing Service Oriented Operation and Provisioning at Financial Times
Using Service Oriented Operation and Provisioning at Financial TimesEmeka Mosanya
 

Ähnlich wie Zend Core on IBM i - Security Considerations (20)

Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
Cobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale EnvironmentsCobbler, Func and Puppet: Tools for Large Scale Environments
Cobbler, Func and Puppet: Tools for Large Scale Environments
 
Securing Your Webserver By Pradeep Sharma
Securing Your Webserver By Pradeep SharmaSecuring Your Webserver By Pradeep Sharma
Securing Your Webserver By Pradeep Sharma
 
Deploying to Ubuntu on Linode
Deploying to Ubuntu on LinodeDeploying to Ubuntu on Linode
Deploying to Ubuntu on Linode
 
Linux sever building
Linux sever buildingLinux sever building
Linux sever building
 
Linux advanced concepts - Part 2
Linux advanced concepts - Part 2Linux advanced concepts - Part 2
Linux advanced concepts - Part 2
 
Automation day red hat ansible
   Automation day red hat ansible    Automation day red hat ansible
Automation day red hat ansible
 
Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)Go Faster with Ansible (PHP meetup)
Go Faster with Ansible (PHP meetup)
 
RMLL / LSM 2009
RMLL / LSM 2009RMLL / LSM 2009
RMLL / LSM 2009
 
Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0Rmll Virtualization As Is Tool 20090707 V1.0
Rmll Virtualization As Is Tool 20090707 V1.0
 
Micro Datacenter & Data Warehouse
Micro Datacenter & Data WarehouseMicro Datacenter & Data Warehouse
Micro Datacenter & Data Warehouse
 
Automação do físico ao NetSecDevOps
Automação do físico ao NetSecDevOpsAutomação do físico ao NetSecDevOps
Automação do físico ao NetSecDevOps
 
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
Nagios Conference 2014 - Spenser Reinhardt - Detecting Security Breaches With...
 
OpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and WindowsOpenStack Summit 2013 Hong Kong - OpenStack and Windows
OpenStack Summit 2013 Hong Kong - OpenStack and Windows
 
Deployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS LinuxDeployment of WebObjects applications on CentOS Linux
Deployment of WebObjects applications on CentOS Linux
 
Installation of LAMP Server with Ubuntu 14.10 Server Edition
Installation of LAMP Server with Ubuntu 14.10 Server EditionInstallation of LAMP Server with Ubuntu 14.10 Server Edition
Installation of LAMP Server with Ubuntu 14.10 Server Edition
 
Your Inner Sysadmin - LonestarPHP 2015
Your Inner Sysadmin - LonestarPHP 2015Your Inner Sysadmin - LonestarPHP 2015
Your Inner Sysadmin - LonestarPHP 2015
 
PHP Handlers
PHP HandlersPHP Handlers
PHP Handlers
 
Using Service Oriented Operation and Provisioning at Financial Times
Using Service Oriented Operation and Provisioning at Financial TimesUsing Service Oriented Operation and Provisioning at Financial Times
Using Service Oriented Operation and Provisioning at Financial Times
 
Puppetconf2012
Puppetconf2012Puppetconf2012
Puppetconf2012
 

Mehr von ZendCon

I18n with PHP 5.3
I18n with PHP 5.3I18n with PHP 5.3
I18n with PHP 5.3ZendCon
 
Cloud Computing: The Hard Problems Never Go Away
Cloud Computing: The Hard Problems Never Go AwayCloud Computing: The Hard Problems Never Go Away
Cloud Computing: The Hard Problems Never Go AwayZendCon
 
Magento - a Zend Framework Application
Magento - a Zend Framework ApplicationMagento - a Zend Framework Application
Magento - a Zend Framework ApplicationZendCon
 
Enterprise-Class PHP Security
Enterprise-Class PHP SecurityEnterprise-Class PHP Security
Enterprise-Class PHP SecurityZendCon
 
PHP and IBM i - Database Alternatives
PHP and IBM i - Database AlternativesPHP and IBM i - Database Alternatives
PHP and IBM i - Database AlternativesZendCon
 
Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...
Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...
Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...ZendCon
 
Joe Staner Zend Con 2008
Joe Staner Zend Con 2008Joe Staner Zend Con 2008
Joe Staner Zend Con 2008ZendCon
 
Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...
Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...
Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...ZendCon
 
DB2 Storage Engine for MySQL and Open Source Applications Session
DB2 Storage Engine for MySQL and Open Source Applications SessionDB2 Storage Engine for MySQL and Open Source Applications Session
DB2 Storage Engine for MySQL and Open Source Applications SessionZendCon
 
Digital Identity
Digital IdentityDigital Identity
Digital IdentityZendCon
 
Modernizing i5 Applications
Modernizing i5 ApplicationsModernizing i5 Applications
Modernizing i5 ApplicationsZendCon
 
Lesser Known Security Problems in PHP Applications
Lesser Known Security Problems in PHP ApplicationsLesser Known Security Problems in PHP Applications
Lesser Known Security Problems in PHP ApplicationsZendCon
 
Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"
Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"
Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"ZendCon
 
SQL Query Tuning: The Legend of Drunken Query Master
SQL Query Tuning: The Legend of Drunken Query MasterSQL Query Tuning: The Legend of Drunken Query Master
SQL Query Tuning: The Legend of Drunken Query MasterZendCon
 
ZendCon 2008 Closing Keynote
ZendCon 2008 Closing KeynoteZendCon 2008 Closing Keynote
ZendCon 2008 Closing KeynoteZendCon
 
Top Zend Studio Secrets
Top Zend Studio SecretsTop Zend Studio Secrets
Top Zend Studio SecretsZendCon
 
VIM for (PHP) Programmers
VIM for (PHP) ProgrammersVIM for (PHP) Programmers
VIM for (PHP) ProgrammersZendCon
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven DevelopmentZendCon
 
Rickroll To Go With PHP, WURFL, and Other Open Source Tools
Rickroll To Go With PHP, WURFL, and Other Open Source ToolsRickroll To Go With PHP, WURFL, and Other Open Source Tools
Rickroll To Go With PHP, WURFL, and Other Open Source ToolsZendCon
 
PECL Picks - Extensions to make your life better
PECL Picks - Extensions to make your life betterPECL Picks - Extensions to make your life better
PECL Picks - Extensions to make your life betterZendCon
 

Mehr von ZendCon (20)

I18n with PHP 5.3
I18n with PHP 5.3I18n with PHP 5.3
I18n with PHP 5.3
 
Cloud Computing: The Hard Problems Never Go Away
Cloud Computing: The Hard Problems Never Go AwayCloud Computing: The Hard Problems Never Go Away
Cloud Computing: The Hard Problems Never Go Away
 
Magento - a Zend Framework Application
Magento - a Zend Framework ApplicationMagento - a Zend Framework Application
Magento - a Zend Framework Application
 
Enterprise-Class PHP Security
Enterprise-Class PHP SecurityEnterprise-Class PHP Security
Enterprise-Class PHP Security
 
PHP and IBM i - Database Alternatives
PHP and IBM i - Database AlternativesPHP and IBM i - Database Alternatives
PHP and IBM i - Database Alternatives
 
Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...
Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...
Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...
 
Joe Staner Zend Con 2008
Joe Staner Zend Con 2008Joe Staner Zend Con 2008
Joe Staner Zend Con 2008
 
Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...
Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...
Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...
 
DB2 Storage Engine for MySQL and Open Source Applications Session
DB2 Storage Engine for MySQL and Open Source Applications SessionDB2 Storage Engine for MySQL and Open Source Applications Session
DB2 Storage Engine for MySQL and Open Source Applications Session
 
Digital Identity
Digital IdentityDigital Identity
Digital Identity
 
Modernizing i5 Applications
Modernizing i5 ApplicationsModernizing i5 Applications
Modernizing i5 Applications
 
Lesser Known Security Problems in PHP Applications
Lesser Known Security Problems in PHP ApplicationsLesser Known Security Problems in PHP Applications
Lesser Known Security Problems in PHP Applications
 
Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"
Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"
Architecting for PHP5 - Why "Runs on PHP5" is not "Written for PHP5"
 
SQL Query Tuning: The Legend of Drunken Query Master
SQL Query Tuning: The Legend of Drunken Query MasterSQL Query Tuning: The Legend of Drunken Query Master
SQL Query Tuning: The Legend of Drunken Query Master
 
ZendCon 2008 Closing Keynote
ZendCon 2008 Closing KeynoteZendCon 2008 Closing Keynote
ZendCon 2008 Closing Keynote
 
Top Zend Studio Secrets
Top Zend Studio SecretsTop Zend Studio Secrets
Top Zend Studio Secrets
 
VIM for (PHP) Programmers
VIM for (PHP) ProgrammersVIM for (PHP) Programmers
VIM for (PHP) Programmers
 
Test Driven Development
Test Driven DevelopmentTest Driven Development
Test Driven Development
 
Rickroll To Go With PHP, WURFL, and Other Open Source Tools
Rickroll To Go With PHP, WURFL, and Other Open Source ToolsRickroll To Go With PHP, WURFL, and Other Open Source Tools
Rickroll To Go With PHP, WURFL, and Other Open Source Tools
 
PECL Picks - Extensions to make your life better
PECL Picks - Extensions to make your life betterPECL Picks - Extensions to make your life better
PECL Picks - Extensions to make your life better
 


Zend Core on IBM i - Security Considerations

  • 1. Zend Core for IBM i Security Considerations Tony “Ranger” Cairns
  • 2. Developers are seeing PHP benefits, but managers are worried about PHP security. What can we do?
  • 3. Option 1) Guarantee system security Step 1) Unplug system. Step 2) Lock in a vault.
  • 4. Option 2) Start a security journey where valuable information assets may be used by authorized people for authorized purposes ...
    • Protect against outsiders
      – Would-be web hackers
      – Bumbling user input
    • Protect against insiders
      – Would-be corporate criminals
      – Careless programmers
  • 5. An hour security pitch is not your answer... but if you believe security is a journey not a destination, this may help.
  • 6. Step 1) Understand what we get out of the box.
    • RSTLICPGM
    • 5250 start / stop zend subsystem
    • Dual Apache configuration
    • i5 toolkit for program access (i5_COMD)
    • Multiple direct PHP DB2 access methods
    (Diagram: IBM i with PASE; HTTP:89 Server (Reverse Proxy) in front of the HTTP:8000 Server with the PHP Module; I5_COMD *PGM, *SRVPGM; IFS /www; 5250 zend subsystem admin tools; Zend Core; DB2 UDB)
  • 7. What to protect in Zend Core for IBM i?
    • Internal Access (PHP)
      – Directories (web dirs)
        • /www/zendcore
        • /usr/local/Zend
      – Stream files (web pages / scripts)
        • /www/zendcore/htdocs
        • /usr/local/Zend/apache2/htdocs
      – Programs (web call)
        • /qsys.lib/zendcore.lib
        • Toolkit called programs (RPG)
      – User profiles
        • Nobody, NoGroup, etc.
    • External Access (Web)
      – ILE Apache
        • /www/zendcore/conf
        • httpd.conf
      – PASE Apache
        • /usr/local/Zend/apache2/conf
        • httpd.conf
      – PHP configuration
        • /usr/local/Zend/Core/etc
        • php.ini
      – PHP programs (asset on ramp)
        • db2_connect()
        • i5_connect()
  • 8. Zend Core for IBM i installed profiles
    • NOBODY (*USER)
      – PHP Apache server
      – Zend Core jobs (ZENDCOREAP)
      – Group = NOGROUP
      – Special authorities = *NONE
    • NOGROUP (*USER)
      – Group profile
      – For access to NOBODY resources, other profiles may add Group = NOGROUP
      – Special authorities = *NONE
    • MYSQL (*PGMR)
      – Mysql profile
      – Optional install
      – Special authorities = *NONE
    • ZENDADMIN (*SECOFR)
      – Start/stop jobs in ZEND subsystem
      – Pseudo random generator (prngd)
      – GROUP = *NONE
      – *ALL special authorities
    • ZENDTECH (*USER)
      – Update PHP configuration
      – GROUP = *NONE
  • 9. Zend Core for IBM i access rights ...
    (Diagram labels: Execute Rights / Access Rights; I5_COMD (PASE *PGM, *SRVPGM, CMD, ...); QTMHHTTP: HTTP:89 Server (Reverse Proxy); NOBODY / NOGROUP: HTTP:8000 Server with PHP Module, IFS /www/zendcore and /usr/local/Zend; ZENDADMIN / ZENDTECH: 5250 zend subsystem, Zend Core admin tools; DB2 UDB; *PUBLIC EXCLUDE)
  • 10. /www/zendcore
    • Default secure as of ZC 2.6.1 ...
      – Access control is no public access
      – /www/zendcore/* (drwxrws--- 5 nobody)
        • PUBLIC *EXCLUDE
        • NOBODY *RWX
        • Note: NOGROUP *RWX
      – /www
        • PUBLIC *RX
    • PUBLIC is not allowed access to PHP scripts or other information
    • Add group profile NOGROUP to other user profiles for access
      – QTMHHTTP
        • Group = NOGROUP
    Protect your PHP applications from public view.
  • 11. /usr/local/Zend
    • Default secure as of ZC 2.6.1 ...
      – Access control standard web
      – /usr/local/Zend (drwxr-sr-x 5 qsecofr)
        • PUBLIC *RX
        • QSECOFR *RWX (who install)
        • Note: NOGROUP *RX
      – /usr, /usr/local
        • PUBLIC *RX
      – Public is allowed access to PHP from command line or RPG program, etc.
    • More secure ...
      – Access control only PHP web
      – /usr/local/Zend (drwxr-s--- 5 qsecofr)
        • PUBLIC *EXCLUDE
      – /usr, /usr/local
        • PUBLIC *USE
      – Public will not be able to call PHP from command line or RPG program
      – Add group profile NOGROUP to other user profiles for access
        • QTMHHTTP
        • Group = NOGROUP
    Protect Zend Core web server, programs, configuration and files.
  • 12. ZENDCORE
    • Default secure as of ZC 2.6.1
      – PUBLIC *RX
    • More secure ...
      – PUBLIC *EXCLUDE
      – ZENDADMIN *RWX
      – Only PHP administrator can access programs (adopt QSECOFR)
    Protect Zend Core product library programs.
  • 14. Dual Apache ZC 2.6.1 (default)
    • ILE Apache:89
      – Responds to any browser: http://myi:89
      – Reverse proxy to PASE Apache:8000
      – Configuration: http://myi:2001/HTTPAdmin -> ZENDCORE
      – https is available
    • PASE Apache:8000
      – Responds to any browser: http://myi:8000
      – Also reverse proxy via Apache:89
      – Configuration (edit only): http://myi:2001/HTTPAdmin -> PASENEW, /usr/local/Zend/apache2/conf/httpd.conf
      – https is available
    (Diagram: Browser -> HTTP:89 Server (Reverse Proxy) -> HTTP:8000 Server with PHP Module)
  • 15. Comparison of the Two HTTP Servers
    IBM HTTP Server | Apache Server
    ZENDCORE server instance; using 5722DG1 product | UNIX-based open source server
    ZENDCORE instance created and configured automatically when Zend Core product is installed | Server instance created and configured automatically when Zend Core product is installed
    Server runs in IBM i | Server runs in IBM i PASE
    Main function: reverse proxy server | Main function: run the PHP application and return result
    Configure server instance using IBM Web Administration Tool | Edit only: configure the server using the IBM GUI (no tabs)
    Https available | Https available, but certificates using PASE openssl tools (unfamiliar to i5 folks)
  • 16. Apache degrees of security, a matter of choice ... (from lower security to higher security)
    • PASE Apache:8000 (default)
    • ILE Apache:89 (default)
      – Reverse proxy to 8000
    • ILE Apache:89 (edit)
      – Reverse proxy to 8000
      – 8000 only responds to localhost
    • PASE SSL enabled
      – Using openssl
    • ILE Apache SSL enabled
      – Reverse proxy to 8000
      – 8000 only responds to localhost
    • Multiple systems
      – DMZ reverse proxy
  • 17. PASE Apache Server (default) (Lower security)
    • Listens on port 8000
      – Only receives URL requests that are sent to that port
    • Allows any user to make these requests
    • All data flowing between the IBM HTTP Server (Reverse Proxy) and the Apache server is not encrypted
    • All data flowing on the network between client and server is public
    • httpd.conf: User nobody, Group nogroup
    (Diagram: Browser http://myi:8000 -> HTTP:8000 Server with PHP Module; HTTP:89 Server (Reverse Proxy) alongside)
  • 18. IBM HTTP Server Reverse Proxy (default) (Lower security)
    • Server instance name is: ZENDCORE
    • Listens on port 89
      – Only receives URL requests that are sent to that port
    • Users are denied access if requesting any other directory/files/applications
    • Forwards on those requests to the Apache Server 8000
    • Allows any user to make requests
    • All data flowing on the network between client and server is public
    • httpd.conf: QTMHHTTP (default)
    (Diagram: Browser http://myi:89 -> HTTP:89 Server (Reverse Proxy) -> HTTP:8000 Server with PHP Module)
  • 19. IBM HTTP Server Reverse Proxy (default), modify PASE Apache for localhost (edit) (More security)
    • Leave HTTP Server:89 as is
      – Leave reverse proxy
    • Modify PASE Apache httpd.conf
      – Change: Allow from all
      – To: Allow from 127.0.0.1
      – 127.0.0.1 == localhost
    (Diagram: Browser http://myi:89 -> HTTP:89 Server (Reverse Proxy) -> HTTP:8000 Server with PHP Module, which now only accepts requests from 127.0.0.1)
  • 20. PASE Apache 443 (https) (short "self certificate" tutorial) (Higher security)
    • Make certificate (self)
      – call qp2term
      – cd /usr/local/Zend/apache2/conf
      – openssl req -x509 -nodes -days 365 -subj '/C=US/ST=Minnesota/L=Rochester/CN=www.myi.com' -newkey rsa:4096 -keyout server.key -out server.crt
      – Note: CN correct for your site
    • Go zendcore/zcmenu
      – 7. Additional Apache options
      – 2. PASE Apache Control
        • /usr/local/...
        • http_ssl.conf
        • S = Start (E = Stop)
      – https://myi5
        • Get certificate (not perm)
      – Note https is port 443 (conflict?)
    • httpd_ssl.conf: Include conf/ssl.conf
    • ssl_conf: SSLCertificateFile /usr.../server.crt, SSLCertificateKeyFile /usr.../server.key
    (Diagram: Browser https://myi, Encrypted -> HTTP:8000 Server with PHP Module)
  • 21. IBM HTTP Server 443 (Higher security)
    • HTTP 443 documented procedure
      – Web GUI (2001 port)
    • Copy the reverse proxy lines into your new 443 instance
      – ProxyPass / http://127.0.0.1:8000
      – ProxyPassReverse / http://127.0.0.1:8000
    • Change PASE Apache httpd.conf
      – Allow from all
      – To: Allow from 127.0.0.1 (localhost)
    (Diagram: Browser https://myi, Encrypted -> HTTP:443 Server (Reverse Proxy) -> HTTP:8000 Server with PHP Module)
  • 22. "Reverse Proxy" HTTP Server
    • Improves performance
      – Can cache static documents in memory
      – Can aid with balancing requests to a set of HTTP servers
    • Improves security
      – Can control access at the front door
      – Can keep server in DMZ separate from internal network
      – Hides the content server environment
      – Can log activity
    (Diagram: Browser -> HTTP:80 Server (Reverse Proxy) on a DMZ System -> FIREWALL -> HTTP:89 Server (Reverse Proxy) -> HTTP:8000 Server with PHP Module, I5_COMD (*PGM, *SRVPGM, CMD, ...), IFS (/www/zendcore, /usr/local/Zend) and DB2 UDB)
  • 23. Tip: PASE Apache prefork start/stop
    • Good PASE Apache settings
      – <IfModule prefork.c>
        • StartServers 5
        • MinSpareServers 5
        • MaxSpareServers 25
        • MaxClients 25
        • MaxRequestsPerChild 0
      – </IfModule>
    • Keep the same
      – StartServers == MinSpareServers
      – MaxSpareServers == MaxClients
    • Leave as zero or very high count
      – MaxRequestsPerChild 0
      – Never end worker job
    (Diagram: HTTP:89 Server (Reverse Proxy) fanning out to many HTTP:8000 Server jobs)
    Avoid PASE Apache bad prefork settings. The machine will prefork to "death"!
  • 24. Tip: Apache "chroot"
    • Apache security consultants may recommend chroot to a new directory that cannot access other commands on the system.
    • This approach is not recommended for PASE Apache
      – The qsys file system will no longer be accessible
        • PHP interoperability with ILE becomes increasingly difficult
      – The /QOpenSys file system contains PASE "shared binaries" used by Apache
        • Chroot below /QOpenSys may be the only way to run without a "difficult" copy of the runtime for your PASE Apache engine
    Apache chroot not recommended (security to failure)!
  • 26. php.ini Settings
    • safe_mode = On/Off
      – Zend Core default: safe_mode = Off
      – By enabling the safe_mode parameter, PHP scripts are able to access files only when their owner is the owner of the PHP scripts. This is one of the most important security mechanisms built into PHP. It effectively counteracts unauthorized attempts to access system files and adds many restrictions that make unauthorized access more difficult.
    • safe_mode_gid = On/Off
      – Zend Core default: safe_mode_gid = Off
      – When safe_mode is turned on and safe_mode_gid is turned off, PHP scripts are able to access files not only when UIDs are the same, but also when the group of the owner of the PHP script is the same as the group of the owner of the file.
      – Utility concerns:
        • <?php echo shell_exec("PASE utility steal system"); ?>
        • <?php echo `system ('call cmd steal from system')`; ?>
  • 27. php.ini Settings
    • open_basedir = directory[:...]
      – Zend Core default: not active (comment only in php.ini)
      – When the open_basedir parameter is enabled, PHP will be able to access only those files which are placed in the specified directories (and subdirectories).
    • safe_mode_exec_dir = directory[:...]
      – Zend Core default: safe_mode_exec_dir =
      – When safe_mode is turned on, system(), exec() and other functions that execute system programs will refuse to start those programs if they are not placed in the specified directory.
      – More utility concerns:
        • <?php echo $_POST['textFromEvilUseStealFromSystem']; ?>
          – Where HTML form data (textarea) was ...
            » $_POST['textFromEvilUseStealFromSystem'] = "shell_exec('system('do something bad')')";
  • 28. php.ini Settings
    • display_errors = On/Off
      – Zend Core default: display_errors = Off
      – If the display_errors parameter is turned off, PHP errors and warnings are not displayed. Because such warnings often reveal precious information like path names, SQL queries etc., it is strongly recommended to turn this parameter off on production servers.
    Do not turn display_errors On (default off); instead check /usr/local/Zend/Core/logs/php_error_log
  • 29. php.ini Settings
    • log_errors = On
      – Zend Core default: log_errors = On
      – When log_errors is turned on, all the warnings and errors are logged into the file that is specified by the error_log parameter. If this file is not accessible, information about warnings and errors is logged by the Apache server.
    • error_log = filename
      – Zend Core default: error_log = /usr/local/Zend/Core/logs/php_error_log
      – This parameter specifies the name of the file which will be used to store information about warnings and errors (attention: this file must be writeable by the user or group apache).
    Do not turn display_errors On (default off); error_log = /usr/local/Zend/Core/logs/php_error_log
  • 30. php.ini Settings
    • expose_php = On/Off
      – Zend Core default: expose_php = On
      – Turning off the expose_php parameter means PHP will not disclose information about itself in the HTTP headers that are sent to clients in responses to web requests.
    PHP security by obscurity.
  • 31. php.ini Settings
    • register_globals = On/Off
      – Zend Core default: register_globals = Off
      – When the register_globals parameter is turned on, all the EGPCS (Environment, GET, POST, Cookie and Server) variables are automatically registered as global variables. Because it can pose a serious security threat, it is strongly recommended to turn this parameter off (starting from PHP version 4.2.0, this parameter is turned off by default).
      // need a "register" global variable? register exactly one, by name
      gpost('gvar');
      $gvar = "Hi";
      echo "$gvar {$_POST['gvar']} {$GLOBALS['gvar']}";
      function gpost($var) {
        if (!array_key_exists($var, $_POST)) $_POST[$var] = '';
        $GLOBALS[$var] = &$_POST[$var];   // global $gvar is now a reference to $_POST['gvar']
      }
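    The gpost() helper above still lets a posted value become a global, one name at a time. An added example (not from the slides, written in PHP 5.2-era style to match the Zend Core of the period) of the opposite discipline: request input is copied only into an explicitly declared, validated set of parameters, so a browser that sends an extra field such as authorized=1 can never pre-set application state. The field names, validators and requestParams() helper are hypothetical.

```php
<?php
// Added example (not from the slides): explicit, allowlisted mapping of request
// input, written as the replacement for register_globals. Nothing from
// $_GET/$_POST/$_COOKIE reaches a variable unless it is declared in the spec,
// so a request cannot pre-set application state such as $authorized.

// Validators return the cleaned value, or null when the input is unacceptable.
function validEmail($v) {
    return filter_var($v, FILTER_VALIDATE_EMAIL) === false ? null : $v;
}
function validPageNumber($v) {
    $n = filter_var($v, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    return $n === false ? null : $n;
}

// $spec maps parameter name => validator function name. Undeclared request
// keys are ignored; declared keys that fail validation are left unset.
function requestParams(array $request, array $spec) {
    $clean = array();
    foreach ($spec as $name => $validator) {
        if (!array_key_exists($name, $request) || is_array($request[$name])) {
            continue;                        // absent, or an array where a scalar was expected
        }
        $value = call_user_func($validator, (string) $request[$name]);
        if ($value !== null) {
            $clean[$name] = $value;
        }
    }
    return $clean;
}

// Constructed sample request (hypothetical field names): the browser also
// sends "authorized=1", the kind of value a register_globals script would
// have silently turned into $authorized.
$sampleRequest = array(
    'email'      => 'fred@example.com',
    'page'       => '3',
    'authorized' => '1',
);
$spec = array('email' => 'validEmail', 'page' => 'validPageNumber');

$params = requestParams($sampleRequest, $spec);

$authorized = false;                         // decided by application logic, never by input
if (!isset($params['email'])) {
    die('email is required');
}
printf("email=%s page=%d authorized=%s\n",
       $params['email'], $params['page'], $authorized ? 'yes' : 'no');
// In production replace $sampleRequest with $_POST (or $_GET) at the call site.
```

    Because requestParams() returns an array rather than writing into $GLOBALS, every consumer has to name the parameter it wants, which is exactly the audit trail register_globals took away.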
  • 33. Programming APIs
    • i5_*() APIs
      – Connect
      – CMD call
      – PGM/SRVPGM call
      – SQL access
      – Native file access
      – Data areas / queues
      – User space
      – Print/Spool
      – Job logs
      – Active jobs
      – Object list
    • db2_*() APIs
      – Connect
      – Results
      – Commit/Rollback
      – Fetch
      – Statement
      – Stored procedure call
      – Meta Data
        • Column
        • Table
        • Field
        • Info
    Files or programs with PUBLIC *USE or *ALL: hackers will have an easier job!
  • 34. PHP general (information abounds)
    • Most important rule: never trust user input
      – Always check user input from HTML forms
      – Always check input to SQL
    • There are many sites that explain PHP security practices that you can read to "know your enemy"
      – http://www.ipbwiki.com/Practical_PHP_Programming:Security_concerns
      – php.ini settings (previous section)
      – Don't use PHP eval on user data
        • <?php eval($_POST['HackerDelight']); ?>
      – Don't allow user to specify PHP include names
        • http://myi.php
        • <?php include($_GET['include']); ?>
      – Don't use include names that can be read by URL (.inc, etc.)
        • https://myi5/secretstuff.inc
      – Don't allow user to SQL inject your database (db2 section)
        • db2_exec($conn, $_POST['DropSchemaPayroll;...']);
  • 35. Toolkit - i5_(p)connect()
    • i5_pconnect(Server, User, Password [, array Options])
      – Server: "", "localhost" or "127.0.0.1"
      – User: "" or "uid"
        • "" - NOBODY profile
      – Password: "" or "password"
      – Options
        • I5_OPTIONS_PRIVATE_CONNECTION
      – Return: IBM i connection, or false on failure
    • i5_pconnect("","","")
      – Fewer EASYCOM jobs
    (Diagram: with i5_pconnect("","","") several HTTP:8000 Server jobs share EASYCOM SRVPGM jobs that call PGM / CMD; with I5_OPTIONS_PRIVATE_CONNECTION each HTTP:8000 Server gets its own EASYCOM SRVPGM (PRIVATE))
    Use pconnect over connect to avoid start/stop job stress!
  • 36. ibm_db2 - db2_(p)connect()
    • db2_pconnect(Database, User, Password [, array Options])
      – Database: "", "*LOCAL", "IASP", "10.1.5.13"
      – User: "", "NOBODY", "SOMEUSER"
      – Password: "", "PASSWORD"
      – Return: IBM i DB2 connection, or false on failure
    • db2_pconnect("","","")
      – No QSQSRV jobs
    • db2_pconnect(...,"*NOBODY","")
      – Shared QSQSRV jobs
    (Diagram: db2_pconnect("*LOCAL","NOBODY","") gives each HTTP:8000 Server a QSQSRVR (NOBODY) job into DB2 UDB; db2_pconnect("","","") goes from the HTTP:8000 Server to DB2 UDB without QSQSRVR jobs)
    No "click" route, so do not commit across "clicks"!
  • 37. Apache "stateless" ... i5_pconnect("localhost","uid","pwd") and db2_pconnect("","uid","pwd")
    (Diagram: browsers for FRED, TOM, JEN and LIZA reach myi:89 (HTTP:89 Server (Reverse Proxy), QTMHHTTP) or myi:8000 (HTTP:8000 Server, NOBODY / NOGROUP); on the toolkit side EASYCOM jobs carry UID FRED and a private EASYCOM job carries UID TOM; on the DB2 side QSQSRVR jobs carry UID FRED, JEN, TOM and LIZA)
    ... no "click" has a consistent route (TOM i5 private)
  • 38. Connect *.inc best intentions, terrible results ...
    /www/zendcore/htdocs/iconnect.inc
      <?php
      function db2ConnPayroll() { return db2_pconnect("*LOCAL", "PAY", "RGFJ183G"); }
      function i5ConnectCreditCards() { return i5_pconnect("localhost", "CREDIT", "FDRS453Y"); }
      ?>
    • Browser http://myi:8000/iconnect.inc
      – Up pops the source code for iconnect.inc, because "*.inc" is just a file, not a PHP program
      – "You've been hacked!"
    • Instead use ...
      – /www/zendcore/htdocs/iconnect.inc.php
    • Also ... /www/zendcore/htdocs/*
      – PUBLIC *EXCLUDE
  • 39. Better connect Apache env vars ...
    /usr/local/Zend/apache2/conf/httpd.conf
      # Password PC should be encrypted (MCrypt)
      SetEnv UC CREDIT
      SetEnv PC FDRS453Y
    /www/zendcore/htdocs/iconnect.inc.php
      <?php
      $cc = $_SERVER['UC'];
      $pc = $_SERVER['PC'];
      function i5ConnectCreditCards() {
        global $cc, $pc;
        return i5_pconnect("localhost", $cc, $pc);
      }
      ?>
    • /usr/local/Zend/apache2/conf/httpd.conf
      – VERY limited access and PUBLIC *EXCLUDE
      – Include conf/password.conf
    • /www/zendcore/htdocs/iconnect.inc.php
      – For better security add encrypt / decrypt for $_SERVER['PC']
        • See PECL extension MCrypt
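    Slides 38 and 39 together describe two defences: keep the credentials out of the web file, and never let the include be served as a document. An added example (not from the slides) of an include that applies both plus two more layers: it refuses to run when Apache was asked for it directly, fails closed when a SetEnv value is missing instead of connecting with an empty password, and logs toolkit failures to the error log rather than to the browser. i5_pconnect() and the UC/PC environment names come from the slide; i5_errormsg() is the toolkit's error-text call; requiredEnv() and the guard are hypothetical helper code.

```php
<?php
// Added example (not from the slides): /www/zendcore/htdocs/iconnect.inc.php
// rewritten so that the credentials exported by httpd.conf (SetEnv UC / PC)
// are read in one place, the file cannot be served on its own, and failures
// are logged rather than displayed.

// Included files should only ever run inside another script. If this file is
// the script Apache was asked for, refuse rather than expose anything.
if (realpath($_SERVER['SCRIPT_FILENAME']) === realpath(__FILE__)) {
    header('HTTP/1.1 403 Forbidden');
    exit('Direct access is not permitted.');
}

// Read a required environment value; fail closed instead of connecting with ''.
function requiredEnv($name) {
    if (!isset($_SERVER[$name]) || $_SERVER[$name] === '') {
        error_log("iconnect: missing required setting $name");   // lands in php_error_log
        throw new RuntimeException('connection configuration incomplete');
    }
    return $_SERVER[$name];
}

// One persistent toolkit connection per request; the password never leaves
// this function and is never echoed or logged.
function i5ConnectCreditCards() {
    static $conn = null;
    if ($conn !== null) {
        return $conn;
    }
    $conn = i5_pconnect('localhost', requiredEnv('UC'), requiredEnv('PC'));
    if ($conn === false) {
        // Operator gets the toolkit reason in the log; the browser gets a generic message.
        error_log('iconnect: i5_pconnect failed: ' . i5_errormsg());
        throw new RuntimeException('service unavailable');
    }
    return $conn;
}
```

    A caller does `require_once 'iconnect.inc.php'; $conn = i5ConnectCreditCards();` and wraps it in try/catch so that a configuration problem surfaces as a generic error page; with display_errors = Off (slide 28) the RuntimeException text is all a browser could ever see.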
  • 40. db2_pconnect and library list ...
      $uid = $_SERVER['DB2UID'];
      $pwd = $_SERVER['DB2PWD'];
      $opt = array("i5_naming" => DB2_I5_NAMING_ON);
      // who are you?
      if (isset($_SESSION['bigwig'])) $opt["i5_libl"] = "BIGDEAL LILDEAL";
      else $opt["i5_libl"] = "LILDEAL";
      $con = db2_pconnect("*LOCAL", $uid, $pwd, $opt);
      // access the correct data
      $result = db2_exec($con, "select * from accounts");
    – "i5_libl" => "BIGDEAL LILDEAL"
      • call qsys2.qcmdexc('cmd', len)
      • CHGLIBL LIBL(BIGDEAL LILDEAL) CURLIB(BIGDEAL)
    – Query known based on $_SESSION['bigwig']
    What if our script dies during a BIGDEAL library list query (or times out)? Hopefully, no other PHP script has "select * from accounts".
  • 41. i5_pconnect and library list ...
      $uid = $_SERVER['DB2UID'];
      $pwd = $_SERVER['DB2PWD'];
      $conn = i5_pconnect("localhost", $uid, $pwd);
      if (isset($_SESSION['bigwig'])) {
        i5_command("chglibl", array("libl" => "BIGDEAL LILDEAL"), array(), $conn);
      } else {
        i5_command("chglibl", array("libl" => "LILDEAL"), array(), $conn);
      }
    – "libl" => "BIGDEAL LILDEAL"
      • CHGLIBL
    – Query known based on $_SESSION['bigwig']
    What if our script dies during a BIGDEAL library list query (or times out)? Hopefully, no other PHP script has "select * from accounts".
  • 42. "i5_naming" => choice/problem ...
      for ($i = 1; $i < 21; $i++) {
        $modulus = $i % 2;
        if (!$modulus) {
          $opt = array("i5_naming" => DB2_I5_NAMING_ON, "i5_libl" => "BIGDEAL");
          $conn = db2_pconnect("*LOCAL", "DB2", "SECRET", $opt);
        } else {
          $opt = array("i5_naming" => DB2_I5_NAMING_OFF, "i5_lib" => "LILDEAL");
          $conn = db2_pconnect("*LOCAL", "DB2", "SECRET", $opt);
        }
      }
    • Do not attempt to mix naming in the same profile
      – "i5_naming" => DB2_I5_NAMING_ON (lib/table)
      – "i5_naming" => DB2_I5_NAMING_OFF (lib.table)
    • Use separate profiles for each naming
      – db2_pconnect("*LOCAL", "DB2NATIVE", "SECRET", $opt);
      – db2_pconnect("*LOCAL", "DB2SQL", "SECRET", $opt);
  • 43. Use db2_prepare/db2_execute (and i5_prepare/i5_execute)
      // db2_exec is unsafe ...
      $statement = "select email, password, access from eaccounts where email='{$_POST['email']}' and password='{$_POST['password']}'";
      $stmt = db2_exec($conn, $statement);
      // db2_exec is hacked by "' or 1=1 --" and the first row returns (CTO's record)
      $row = db2_fetch_array($stmt);

      // db2_prepare / db2_execute is safer ... (parameter markers are bare ?, not quoted '?')
      $userData = array($_POST['email'], $_POST['password']);
      $statement = "select email, password, access from eaccounts where email=? and password=?";
      $stmt = db2_prepare($conn, $statement);
      $isok = db2_execute($stmt, $userData);
      $row = db2_fetch_array($stmt);
    • Hacked by single-line comment delimiter (--).
      – $_POST['email'] = "' or 1=1 --";
      – $_POST['password'] = "";
      – select email, password, access from eaccounts where email='' or 1=1 --' and password=''
    • Let DB2 do basic analysis on the ? parameter markers to help avoid SQL injection attack (i5_query has inject detect)
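    Slides 40 to 43 raise two kinds of untrusted text that reach DB2: values (the email and password) and identifiers (the library list, a sort column). Parameter markers cover the first kind only; DB2 cannot bind an identifier, so those must come from an allowlist. An added example (not from the slides) that carries both through one connection, including the exact "' or 1=1 --" payload from slide 43 bound as a plain string. db2_pconnect(), the i5_naming/i5_libl options, db2_prepare(), db2_execute(), db2_fetch_assoc(), db2_stmt_errormsg() and db2_conn_errormsg() are ibm_db2 calls; the eaccounts table, the DB2UID/DB2PWD settings and the BIGDEAL/LILDEAL libraries come from the slides; the helper names and the sort parameter are hypothetical.

```php
<?php
// Added example (not from the slides): values go through parameter markers,
// identifiers (library list, sort column) go through an allowlist, because DB2
// cannot bind an identifier as a parameter.

// Allowlisted identifiers: only these strings can ever reach the SQL text.
$ALLOWED_LIBL = array(
    'bigwig'  => 'BIGDEAL LILDEAL',
    'default' => 'LILDEAL',
);
$ALLOWED_SORT = array('email', 'access');

// Build the library-list option from the session role, never from a request.
function libraryListFor(array $session, array $allowed) {
    $role = (isset($session['bigwig']) && $session['bigwig']) ? 'bigwig' : 'default';
    return $allowed[$role];
}

// Run one parameterized query. The SQL text is a constant in the caller; every
// user-supplied value arrives in $params and is bound by DB2, so a value such
// as "' or 1=1 --" is compared as a string and never becomes SQL.
function queryWithParams($conn, $sql, array $params) {
    $stmt = db2_prepare($conn, $sql);
    if ($stmt === false) {
        error_log('prepare failed: ' . db2_stmt_errormsg());
        return false;
    }
    if (!db2_execute($stmt, $params)) {
        error_log('execute failed: ' . db2_stmt_errormsg($stmt));
        return false;
    }
    $rows = array();
    while (($row = db2_fetch_assoc($stmt)) !== false) {
        $rows[] = $row;
    }
    return $rows;
}

// Login lookup with a sort column chosen by the caller. The slide's schema
// compares the password column directly; a real system would store a hash.
function findAccount($conn, $email, $password, $sortBy, array $allowedSort) {
    if (!in_array($sortBy, $allowedSort, true)) {
        $sortBy = $allowedSort[0];           // unknown identifier: fall back, do not interpolate
    }
    $sql = "select email, access from eaccounts where email = ? and password = ? order by $sortBy";
    return queryWithParams($conn, $sql, array($email, $password));
}

// Constructed request values (hypothetical), including the injection string from the slide.
$request = array(
    'email'    => "' or 1=1 --",
    'password' => '',
    'sort'     => 'access; drop table eaccounts',   // rejected by the allowlist
);
$session = array('bigwig' => false);

$opt = array(
    'i5_naming' => DB2_I5_NAMING_ON,
    'i5_libl'   => libraryListFor($session, $ALLOWED_LIBL),
);
$conn = db2_pconnect('*LOCAL', $_SERVER['DB2UID'], $_SERVER['DB2PWD'], $opt);
if ($conn === false) {
    error_log('connect failed: ' . db2_conn_errormsg());
    exit('service unavailable');
}
$rows = findAccount($conn, $request['email'], $request['password'], $request['sort'], $ALLOWED_SORT);
echo count($rows), " matching account(s)\n";
```

    Because the library list is chosen by session role rather than by any request field, the BIGDEAL/LILDEAL question of slides 40 and 41 becomes a lookup in $ALLOWED_LIBL, and the "order by" column can only ever be one of the two names in $ALLOWED_SORT; the posted payload is bound as the literal string "' or 1=1 --" and matches no row.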
  • 44. Tip: PHP/DB2 with 65535
    • Issue: PHP scripts getting "junk" back from their DB2 SQL queries. The root problem is often the QCCSID setting 65535 (binary default from manufacturing).
    • Change CCSID before starting Apache
      – 0) Sign on as QSECOFR
      – 1) go zendcore/zcmenu -> stop apache
      – 2) CHGJOB LANGID(ENU) CNTRYID(US) CCSID(37)
      – 3) go zendcore/zcmenu -> start apache
    PHP/DB2 does not work well with the default 65535 (binary) CCSID setting. Most PHP applications experience what appears to be junk returning in SQL queries (VARCHAR, CHAR, etc.). Change your CCSID to something other than 65535 and restart the Zend Core Apache.
  • 45. Tip: DB2 – Schema (info) ...
    • On DB2 UDB for iSeries, a schema is used to group related database objects. A DB2 UDB for iSeries schema is actually a collection of DB2 objects and OS/400 objects. When the CREATE SCHEMA statement is executed, the following objects are created:
      – OS/400 library
      – OS/400 journal and journal receiver
      – DB2 views containing schema-wide catalog
    • This collection of objects in the schema provides the container for storing related DB2 objects and the journal objects needed for enabling recovery of database changes to these DB2 objects.
    Use schemas (libraries) created with the SQL statement CREATE SCHEMA rather than CRTLIB to enable journaling. The ibm_db2 commit APIs will not function without journaling enabled in the schema (library). In addition, some ibm_db2 BLOB/CLOB scenarios require journaling enabled.
  • 46. MySql quick management
    • PhpMyAdmin
      – Manage MySql from the web
      – http://www.phpmyadmin.net/home_page/index.php
      – Privileges tab: users/access rights
      – Manage databases, tables, etc.
    • MySql GUI tools (client / server)
      – Configurations: secure, tunnel, etc.
      – http://forums.mysql.com/read.php?30,249779,249779
    • Directory
      – Zend: /usr/local/mysql
      – Upgrades (5.1 recommended): /QopenSys/usr/local
  • 47. Misc
    • DB2 auditing
      – http://www.itjungle.com/fhg/fhg020806-story02.html
      – http://search400.techtarget.com/news/article/0,289142,sid3_gci1189820,00.html
      – Tango/04
    • PCI Apache PTFs
      – V5R4 - SF99114-20 SI35761, SI35762 Apache 2.0.63
      – V6R1 - SF99115-9 SI35767, SI35764, SI35768 Apache 2.2.11
      – Zend Core 2.6.1
  • 48. Trademarks and Disclaimers © IBM Corporation 1994-2006. All rights reserved. References in this document to IBM products or services do not imply that IBM intends to make them available in every country. The following terms are trademarks of International Business Machines Corporation in the United States, other countries, or both: AS/400, e-business on demand, IBM i, AS/400e, IBM, OS/400, eServer, IBM (logo), System i5, iSeries, ZendCore. Rational is a trademark of International Business Machines Corporation and Rational Software Corporation in the United States, other countries, or both. Intel, Intel Logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Other company, product or service names may be trademarks or service marks of others. Information is provided "AS IS" without warranty of any kind. All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Information concerning non-IBM products was obtained from a supplier of these products, published announcement material, or other publicly available sources and does not constitute an endorsement of such products by IBM.
Sources for non-IBM list prices and performance numbers are taken from publicly available information, including vendor announcements and vendor worldwide homepages. IBM has not tested these products and cannot confirm the accuracy of performance, capability, or any other claims related to non-IBM products. Questions on the capability of non-IBM products should be addressed to the supplier of those products. All statements regarding IBM future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only. Contact your local IBM office or IBM authorized reseller for the full text of the specific Statement of Direction. Some information addresses anticipated future capabilities. Such information is not intended as a definitive statement of a commitment to specific levels of performance, function or delivery schedules with respect to any future products. Such commitments are only made in IBM product announcements. The information is presented here to communicate IBM's current investment and development activities as a good faith effort to help with our customers' future planning. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve throughput or performance improvements equivalent to the ratios stated here.