Security For Preparing Sqlj Applications With The Ibm Data Server Driver For Jdbc And Sqlj - IBM DB2 Manual

Security for preparing SQLJ applications with the IBM Data Server
Driver for JDBC and SQLJ
Application Programming Guide and Reference for Java
To do that, set the following Java system properties:

javax.net.ssl.trustStore
  Specifies the name of the truststore that you specified with the
  -keystore parameter in the keytool utility in step 1 on page 459.
  If the IBM Data Server Driver for JDBC and SQLJ property
  DB2BaseDataSource.sslTrustStoreLocation is set, its value overrides the
  javax.net.ssl.trustStore property value.

javax.net.ssl.trustStorePassword (optional)
  Specifies the password for the truststore. You do not need to set a
  truststore password. However, if you do not set the password, you
  cannot protect the integrity of the truststore.
  If the IBM Data Server Driver for JDBC and SQLJ property
  DB2BaseDataSource.sslTrustStorePassword is set, its value overrides the
  javax.net.ssl.trustStorePassword property value.

Example: One way that you can set Java system properties is to specify them as
the arguments of the -D option when you run a Java application. Suppose that
you want to run a Java application named MySSL.java, which accesses a data
source using an SSL connection. You have defined a truststore named cacerts.
The following command sets the truststore name when you run the application.

  java -Djavax.net.ssl.trustStore=cacerts MySSL

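What the optional truststore password protects, as an added example that is not part of the IBM manual: a JKS truststore is written with a password, its bytes are then altered, and the altered copy is loaded with and without the password. It assumes a JKS-format truststore and a JDK whose default trust anchors are not empty; the class name, alias and password are constructed for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustStoreIntegrityDemo {
    static final String ALIAS = "trusted-ca"; // constructed alias

    // Load JKS bytes; a null password means "no truststore password supplied".
    static String load(byte[] jks, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try {
            ks.load(new ByteArrayInputStream(jks), password);
            return "loaded, aliases=" + Collections.list(ks.aliases());
        } catch (IOException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Sample data: borrow one CA certificate from the JDK default trust anchors.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate ca =
            ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers()[0];

        char[] password = "constructed-demo-password".toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ks.setCertificateEntry(ALIAS, ca);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);

        // Simulate a change to the file on disk: alter the last character of
        // the stored alias (JKS layout: 12-byte header, 4-byte entry tag,
        // 2-byte alias length, then the alias bytes).
        byte[] modified = out.toByteArray();
        modified[18 + ALIAS.length() - 1] = 'b';

        System.out.println("original, with password: " + load(out.toByteArray(), password));
        System.out.println("modified, no password:   " + load(modified, null));
        System.out.println("modified, with password: " + load(modified, password));
    }
}
```

Only the load that supplies the password detects the altered file, because the JKS integrity digest is keyed with the password and is not checked when none is given.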
Two ways to provide security during SQLJ application preparation are to allow
users to customize applications only, and to limit access to a specific set of tables
during customization.
Allowing users to customize only
You can use one of the following techniques to allow a set of users to customize
SQLJ applications, but not to bind or run those applications:
- Create a database system for customization only (recommended solution):
  Follow these steps:
  1. Create a new DB2 subsystem. This is the customization-only system.
  2. On the customization-only system, define all the tables and views that are
     accessed by the SQLJ applications. The table or view definitions must be the
     same as the definitions on the DB2 subsystem where the application will be
     bound and will run (the bind-and-run system). Executing the DESCRIBE
     statement on the tables or views must give the same results on the
     customization-only system and the bind-and-run system.
  3. On the customization-only system, grant the necessary table or view
     privileges to users who will customize SQLJ applications.
  4. On the customization-only system, users run the sqlj command with the
     -compile=true option to create Java byte codes and serialized profiles for
     their programs. Then they run the db2sqljcustomize command with the
     -automaticbind NO option to create customized serialized profiles.
  5. Copy the Java byte code files and customized serialized profiles to the
     bind-and-run system.
