Access Controls for Registered Programs

Use

You can protect the registration of external programs by means of an access control list (ACL). To do this, set the parameter gw/reg_info (see Security Parameters).

You can prevent any unauthorized registration of programs by making the relevant entries in file reginfo in the data directory of the gateway instance.

If the file exists, the system searches this list for valid registration entries. If the file does not exist, the system searches, as before, in the file specified by gw/sec_info.

Since important security information is held in this file, the system administrator must take care to set the file permissions correctly, for example, read-only authorization for the file owner, and no authorization for all other users.
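One way to check the file authorization described above, as an added example that is not part of the original documentation. The function name check_acl_file and the path in the usage comment are assumptions; pass the path your gw/reg_info parameter points to.

```shell
#!/bin/sh
# Added example: audit the permissions of a gateway ACL file (reginfo).
# Target taken from the text above: read-only for the file owner,
# no authorization for all other users.

# check_acl_file PATH   (hypothetical helper name)
# Prints one finding per line.
# Returns 0 if compliant, 1 if too permissive, 2 if there is nothing to check.
check_acl_file() {
    f=$1
    if [ -z "$f" ]; then
        echo "usage: check_acl_file <path>"
        return 2
    fi
    if [ -L "$f" ]; then
        # A link can be repointed without touching the ACL file itself.
        echo "FAIL $f: is a symbolic link; audit the link target instead"
        return 1
    fi
    if [ ! -f "$f" ]; then
        # Per the text above, the gateway then uses the gw/sec_info file.
        echo "MISSING $f: no file here; gateway falls back to gw/sec_info"
        return 2
    fi
    # First 10 characters of ls -ld are type plus mode, e.g. -r--------
    mode=$(ls -ld -- "$f" | cut -c1-10)
    owner=$(printf '%s' "$mode" | cut -c2-4)
    rest=$(printf '%s' "$mode" | cut -c5-10)
    rc=0
    case $owner in
        r--) ;;
        *) echo "FAIL $f: owner bits '$owner', expected 'r--'"; rc=1 ;;
    esac
    case $rest in
        ------) ;;
        *) echo "FAIL $f: group/other bits '$rest', expected '------'"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK $f: mode $mode"
    return "$rc"
}

# Usage (placeholder path): check_acl_file /path/to/gateway/data/reginfo
```
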

Process Flow

As soon as a program has registered at the gateway, the attributes of the retrieved entry (specifically NOACCESS) are passed on to the registered program. This means that if the file is changed and the new entries become active immediately through a "reload" of the security data, the servers already logged on still have the old attributes. To assign the new settings to the registered programs as well (if they have been changed at all), the servers must first be deregistered and then registered again.

The file is read when the gateway is started up. Dynamic changes can be made by changing, adding to, or deleting the entries in the reginfo file. The changed file can then be activated immediately by reloading the security files.

Note that when the gateway is started, both security files are read in afresh.

Lines that contain errors are written to the trace file dev_rd and are not read in.

For details of the structure of the reginfo file, see Defining the reginfo File.