Trick Question – the answer is moot because the AS400 is long dead. That glorious old creamy compuiter system hasn’t been around for decades. But, it’s grandson, the IBM POWER SYSTEM has a fully backward compatible version of the DLS.
So, the question might be more accurately asked liked this:
Is the IBM i DLS Insecure?
The QDLS (Document Library Services) file system on IBM i has some limitations and considerations that might be perceived as security concerns. Here are a few points to consider:
- File Naming Restrictions:
- QDLS restricts file names to 8.3 characters (DOS-style) with no mixed case, limited special characters, and no spaces in file names
- In contrast, the “root” file system (Integrated File System or IFS) supports long filenames, mixed case, and special characters
- Compatibility and Legacy:
- QDLS was originally created for OfficeVision, a discontinued product, but it has been used for other purposes
- The QDLS folders are DOS-compatible, while directories outside QDLS are Unix-compatible (long filenames and case-sensitive)
- Access Methods:
- You can access QDLS through the integrated file system interface using either the IBM i file server or integrated file system commands, user displays, and APIs.
- Operations can be performed on QDLS objects not only through Document Library Objects (DLO) CL commands but also via the integrated file system interface or APIs provided by a hierarchical file system (HFS)
In summary, while QDLS has limitations, it’s essential to weigh its compatibility with legacy systems and consider whether its restrictions align with your security requirements.
If you need more flexibility, the IFS (“root” file system) might be a better choice.
How can I secure potential QDLS security exposures?
To enhance security for QDLS (Document Library Services) on IBM i, consider the following steps:
- Access Controls:
- Review and tighten object-level security permissions for QDLS folders and files. Limit access to authorized users only.
- Use authorization lists to manage access at a higher level. Authorization lists allow you to group users and assign permissions to the list rather than individual objects.
- Network Security:
- Ensure that network access to QDLS is restricted. Use firewalls, VPN, or other network security measures.
- Consider using encrypted connections (such as SSL/TLS) when accessing QDLS remotely.
- Audit Logging:
- Enable security auditing for QDLS objects. Monitor access and changes to files and folders.
- Regularly review audit logs to detect any unauthorized activity.
- Backup and Recovery:
- Regularly back up QDLS data. Implement a robust backup strategy to protect against data loss.
- Test your backups periodically to ensure they are valid and can be restored.
- System Updates:
- Keep your IBM i system up to date with security patches and fixes.
- Regularly review IBM’s security bulletins and apply recommended updates.
- User Education:
- Educate users about security best practices. Encourage strong passwords, two-factor authentication, and safe computing habits.
Remember that security is a continuous process. Regularly assess and adapt your security measures to address evolving threats.