[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: HTTPAPI using SSL - any system security implications?

To: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: HTTPAPI using SSL - any system security implications?
From: Scott Klement <sk@xxxxxxxxxxxxxxxx>
Date: Thu, 10 May 2007 13:37:49 -0500
In-reply-to: <OF5FAA76E2.457C1CC0-ON802572D7.0033602A-802572D7.0034779C@xxxxxxxxxxx>
List-help: <mailto:ftpapi-request@lists.scottklement.com?subject=help>
List-id: HTTPAPI and FTPAPI Projects <ftpapi.lists.scottklement.com>
List-post: <mailto:ftpapi@lists.scottklement.com>
List-subscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=subscribe>
List-unsubscribe: <http://www.scottklement.com/mailman/listinfo/ftpapi>, <mailto:ftpapi-request@lists.scottklement.com?subject=unsubscribe>
References: <OF5FAA76E2.457C1CC0-ON802572D7.0033602A-802572D7.0034779C@xxxxxxxxxxx>
Reply-to: HTTPAPI and FTPAPI Projects <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Sender: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.10 (Windows/20070221)

Hi Darrell,

IBM has a Redbook entitled "IBM eServer iSeries Wired Network Security: 
OS/400 V5R1 DCM and Cryptographic Enhancements" that does a pretty good 
job of explaining these things.
http://www.redbooks.ibm.com/redbooks/pdfs/sg246168.pdf

In particular, see Appendix B for info on how to give authority to the 
*SYSTEM certificate store without actually giving users access to the 
key files in the IFS.


Darrell Kavanagh wrote:
> 
> First of all, many thanks for HTTPAPI - it has greatly simplified my
> project.
> 
> I need to retrieve an XML document from a secure server. We have all the
> requirements for SSL set up on our box, and we don't need to install a
> particular certificate or anything like that, so after granting user access
> to the *SYSTEM certificate store, I understand that it should "just work".
> 
> However our operations dept is asking about the security implications of
> opening up the *SYSTEM certificate store to users. I don't have quite
> enough knowledge to reassure them. Can anyone help on this?
> 
> Am I right in thinking that adopted authority will not work with the
> certificate store ('cos its on the ifs)? Presumably this means that we need
> to grant certificate store access directly to all groups who need the SSL
> functionality?
> 
> Many thanks,
> 
> Darrell
> 
> 
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------

References:
- HTTPAPI using SSL - any system security implications?
  - From: Darrell Kavanagh

Prev by Date: Re: AW: AW: HTTPAPI / call webservice in base64binary-code
Next by Date: AW: AW: AW: HTTPAPI / call webservice in base64binary-code
Previous by thread: HTTPAPI using SSL - any system security implications?
Next by thread: CEE4RAGE cannot be called in the default activation group.
Index(es):
- Date
- Thread