dbTalk Databases Forums  

No Trust/No HDR?

Go Back dbTalk Databases Forums Databases comp.databases.informix No Trust/No HDR?

comp.databases.informix comp.databases.informix


Discuss No Trust/No HDR? in the comp.databases.informix forum.



Reply
 
Thread Tools Display Modes
  #1  
Old   
red_valsen@yahoo.com
 
Posts: n/a

Default No Trust/No HDR? - 03-01-2010 , 12:16 PM





Is it necessary to use either a hosts.equiv or .rhosts file to
maintain a "trust" between two hosts which are members of an HDR
pair? Is there any _secure_ method to establish and maintain the
trust which the informixserver recognizes aside from using a dated
technique that has well-documented vulnerabilities and well-known
exploits? Do the DR encryption onconfig parameters have a bearing on
this problem?

Reply With Quote
  #2  
Old   
Nilesh Ozarkar
 
Posts: n/a

Default Re: No Trust/No HDR? - 03-01-2010 , 01:11 PM





informix-list-bounces (AT) iiug (DOT) org wrote on 03/01/2010 12:16:26 PM:
Quote:
From:

"red_valsen (AT) yahoo (DOT) com" <red_valsen (AT) yahoo (DOT) com

To:

informix-list (AT) iiug (DOT) org

Date:

03/01/2010 12:20 PM

Subject:

No Trust/No HDR?

Sent by:

informix-list-bounces (AT) iiug (DOT) org

Is it necessary to use either a hosts.equiv or .rhosts file to
maintain a "trust" between two hosts which are members of an HDR
pair? Is there any _secure_ method to establish and maintain the
trust which the informixserver recognizes aside from using a dated
technique that has well-documented vulnerabilities and well-known
exploits?
There is a way -- refer to
http://publib.boulder.ibm.com/infoce...ids_am_032.htm


In short, you need to set security option (s=6) in sqlhosts file and create
hosts.equiv in $INFORMIXDIR/etc.


Quote:
Do the DR encryption onconfig parameters have a bearing on
this problem?
Encryption won't help in authentication, it's for data encryption only.
For encryption -- refer --
http://publib.boulder.ibm.com/infoce...admin_0946.htm


HTH,:

- Nilesh -


Quote:
_______________________________________________
Informix-list mailing list
Informix-list (AT) iiug (DOT) org
http://www.iiug.org/mailman/listinfo/informix-list

Reply With Quote
  #3  
Old   
Ian Michael Gumby
 
Posts: n/a

Default RE: No Trust/No HDR? - 03-01-2010 , 01:23 PM


Don't ever use .rhosts file.
Host equiv only if you know that you're behind a good firewall and that youonly do this for one application where you can control the entries in host..equiv.

Both are very old and insecure. Especially .rhosts .
Can you say "Morris Worm"
http://spaf.cerias.purdue.edu/tech-reps/933.pdf
http://en.wikipedia.org/wiki/Morris_worm

The first link is to Gene Spafford's paper on what happened.
The second is the typical wiki entry.

If you take the time to read the paper, you'll understand some of the issues of the .rhosts and hosts.equiv.
Not good and there are alternatives that exist which may replace this method.


Now I'm going to show my age by saying that I used to have a 9 track of theworm and e-mails from admins talking about it.... ;-)

-G


Quote:
From: red_valsen (AT) yahoo (DOT) com
Subject: No Trust/No HDR?
Date: Mon, 1 Mar 2010 10:16:26 -0800
To: informix-list (AT) iiug (DOT) org

Is it necessary to use either a hosts.equiv or .rhosts file to
maintain a "trust" between two hosts which are members of an HDR
pair? Is there any _secure_ method to establish and maintain the
trust which the informixserver recognizes aside from using a dated
technique that has well-documented vulnerabilities and well-known
exploits? Do the DR encryption onconfig parameters have a bearing on
this problem?
_______________________________________________
Informix-list mailing list
Informix-list (AT) iiug (DOT) org
http://www.iiug.org/mailman/listinfo/informix-list
__________________________________________________ _______________
Hotmail: Free, trusted and rich email service.
http://clk.atdmt.com/GBL/go/201469228/direct/01/

Reply With Quote
  #4  
Old   
Fernando Nunes
 
Posts: n/a

Default Re: No Trust/No HDR? - 03-01-2010 , 02:10 PM


red_valsen (AT) yahoo (DOT) com wrote:
Quote:
Is it necessary to use either a hosts.equiv or .rhosts file to
maintain a "trust" between two hosts which are members of an HDR
pair? Is there any _secure_ method to establish and maintain the
trust which the informixserver recognizes aside from using a dated
technique that has well-documented vulnerabilities and well-known
exploits? Do the DR encryption onconfig parameters have a bearing on
this problem?
The "good" reply was already sent (at least in IIUG lists).
In any case I would like to be pointed to those well-documented
vulnerabilities and well-known exploits. My request has a catch as you
might expect, but I honestly would like to be proven wrong.

Thanks in advance.
Regards.

Reply With Quote
Reply

« Previous Thread | Next Thread »



Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.


Contact Us - dbTalk Databases Forums - Archive - Top