
Parameter: gw/sec_info

Short description: External security filename for gateway

Parameter description: This parameter lets you prevent external programs from being executed. By maintaining the file secinfo in the data directory of the gateway instance, you can prevent the unauthorized execution of external programs. Entries in this file have the following syntax:

    [USER=<user>] [PWD=<pwd>] [USER-HOST=<user_host>] [HOST=<host>] [TP=<tp>]

A given row allows the user <user> to start the program <tp> on the host <host>. This authorization check can be tightened by specifying the optional parameters PWD and/or USER-HOST.

Examples:

    USER=mueller HOST=hw1414 TP=test
    USER=hugo PWD=pass USER-HOST=hw1234 HOST=hw1414 TP=prog

The user mueller is authorized to execute the program test on the host hw1414. The user hugo is authorized to execute the program prog on the host hw1414, provided that he has logged on to the gateway from the host hw1234 and has set the security password to pass using the CPIC call CMSCSP. If the user has set the security user using the call CMSCSU, that user is used for the check.

'*' can be used as a wildcard in all parameters. If PWD and/or USER-HOST are not specified, the value '*' is used in their place.

Example: All users are to be authorized to execute the program test on the host hw1414:

    USER=* HOST=hw1414 TP=test

The current list of security entries can be displayed through the monitor, and a refresh from the security file can be started.

Application area: Gateway
Unit: File name
Default value: <Data-Directory>/secinfo
Who is permitted to make changes: Customer
Limitations for operating systems: None
Limitations for database systems: None

Other parameters affected or dependent: None
Valid inputs, formats, areas: File name

Parameter: gw/reg_info

Short description: External security filename for gateway

Parameter description: You can use this parameter to protect the registration of external programs. You can prevent the unauthorized registration of programs by maintaining the file reginfo in the data directory of the gateway instance. If the file exists, the system searches it for valid registration entries. As before, it also searches the gw/sec_info files. The reginfo file lets you define entries more precisely than before. Entries in this file have the following syntax:

    TP=<tp> [HOST=<hostname>] [NO=<n>] [ACCESS=<hostname>] [CANCEL=<hostname>]

You can use a corresponding row to allow specific programs to register themselves from another host.

Valid TP names:

    No restriction : *
    TP names       : foo
    Start of name  : foo*

Valid host names:

    No restriction       : *
    Host name            : such as sapprod
    IP address           : 192.1.1.3
    Domain               : *.sap.com
    Subnetwork addresses : 192.1.1.*

Examples of valid entries:

    TP=*                   All registrations allowed
    HOST=* TP=foo*         All registrations that begin with foo, but not f or fo, are allowed
    HOST=*.sap.com TP=*    All registrations from the domain *.sap.com are allowed

If the TP name is specified without wildcards, you can also specify the number of permissible registrations. Example:

    HOST=* TP=foo NO=1

That is, only one program with the name foo can register; all other attempts to register by a program with this name are rejected.

You can also define an access list for each entry, to control access to the registered programs from the client side. An access list is a list of host names that must conform to the above rules. However, "*" is not allowed here. If no access list is specified, the program can be used from any client. The local gateway, with which the program is registered, always has access. Note that this check is based on hosts, not on users. For example:

    HOST=* TP=foo ACCESS=*.sap.com

The program foo can only be accessed by hosts from the domain *.sap.com. Accesses from another domain are rejected.

You can use the CANCEL list to define whether other clients may end the registered program. The same rules apply for this list as for HOST or ACCESS. For example:

    HOST=* TP=foo ACCESS=*.sap.com CANCEL=*.wdf.sap.corp

The program foo can only be ended by clients that have logged on from the domain wdf.sap.corp.

Application area: Gateway
Unit: File
Default value: <data directory>/reginfo
Who is permitted to make changes: The customer
Limitations for operating systems: None
Limitations for database systems: None
Other parameters affected or dependent: None
Valid inputs, formats, areas: File name
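The reginfo rules above can be checked mechanically when reviewing a gateway configuration. The following Python script is an added example, not part of the SAP documentation reproduced here: it flags rows that leave registration or client access unrestricted. The function names and finding codes are hypothetical, and treating an omitted HOST as unrestricted is an assumption based on the TP=* example.

```python
KEYS = {"TP", "HOST", "NO", "ACCESS", "CANCEL"}

def parse_entry(line):
    """Split one reginfo row into {KEY: value}; TP is the only mandatory key."""
    entry = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if not sep or key.upper() not in KEYS or not value:
            raise ValueError(f"unexpected token: {token!r}")
        entry[key.upper()] = value
    if "TP" not in entry:
        raise ValueError("row has no TP=")
    return entry

def audit_entry(line):
    """Return a list of finding codes (hypothetical names) for one reginfo row."""
    e = parse_entry(line)
    # Assumption: an omitted HOST means no host restriction, as in the "TP=*" example.
    host = e.get("HOST", "*")
    findings = []
    if host == "*":
        findings.append("ANY_PROGRAM_ANY_HOST" if e["TP"] == "*" else "ANY_HOST")
    elif e["TP"] == "*":
        findings.append("ANY_PROGRAM")
    if "NO" in e and "*" in e["TP"]:
        findings.append("NO_WITH_WILDCARD_TP")  # NO is described only for exact TP names
    if "ACCESS" not in e:
        findings.append("NO_ACCESS_LIST")       # program can be used from any client
    elif e["ACCESS"] == "*":
        findings.append("ACCESS_STAR")          # "*" is not allowed in an access list
    return findings

def audit_file(text):
    """Audit every non-empty row; returns {line_number: findings} for flagged rows."""
    rows = ((n, r) for n, r in enumerate(text.splitlines(), 1) if r.strip())
    audited = ((n, audit_entry(r)) for n, r in rows)
    return {n: found for n, found in audited if found}

# Constructed sample: rows 1-3 are examples from the text, rows 4-5 are made up.
SAMPLE = """TP=*
HOST=* TP=foo NO=1
HOST=* TP=foo ACCESS=*.sap.com CANCEL=*.wdf.sap.corp
HOST=sapprod TP=foo ACCESS=*.sap.com
HOST=192.1.1.* TP=foo* NO=1 ACCESS=*
"""

if __name__ == "__main__":
    for n, found in audit_file(SAMPLE).items():
        print(f"row {n}: {', '.join(found)}")
```

Row 4 of the sample is the only one that names a specific registering host and carries an access list, so it is the only row that produces no finding.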
