February 13, 2013 - Vol 3, Issue 23
Security Workshop from The 400 School

Powertech - Control of your Powerful Users

Is Your JD EDWARDS Database Secure? See how SKYVIEW PARTNERS can help!

Feature Article

New Control Language Built-In Functions - January 2013

By Guy Vig and Jennifer Liu - IBM - Control Language

New Control Language Built-In Functions have been added via PTF for IBM i 7.1.  The PTF SI49061 was approved January 25, 2013 by Jennifer Liu on the CL compiler team.

Editors Note: A Big "Thank You" to Jennifer!

Support for new trim built-in functions (i.e. %TRIM, %TRIML, and %TRIMR) was added by PTF SI48166 last October, and SI49061 supersedes SI48166.

The new built-in functions have been added to both OPM CL and ILE CL that make string handling easier and faster:

1.  %CHECK  - Check Characters
2.  %CHECKR - Check Reverse
3.  %SCAN   - Scan for Characters
4.  %TRIM   - Trim Characters at Edges
5.  %TRIML  - Trim Leading Characters
6.  %TRIMR  - Trim Trailing Characters

If you want to use these new CL built-in functions on a 7.1 system, PTF SI49061 must be loaded and applied. Support will not be PTF'ed to 6.1 or 5.4 releases, but you can compile CL code that uses these new functions on your 7.1 system and specify TGTRLS(V6R1M0) or TGTRLS(V5R4M0) and then save the CL objects off your 7.1 system and restore them on an IBM i system running the 5.4 or 6.1 release of IBM i.

All of the above built-in functions will have almost the same behavior as the RPG built-in functions by the same name.

Descriptions of each new built-in function:

%CHECK built-in function

The check built-in function (%CHECK) returns the first position of a base string that contains a character that does not appear in the comparator string. If all of the characters in the base string also appear in the comparator string, the function returns 0. This function can only be used within a CL program or procedure.

The %CHECK built-in function can be used anywhere that CL supports an arithmetic expression. %CHECK can be used alone or as part of a more complex arithmetic expression. For example, %CHECK could be used to compare to a numeric CL variable in the COND parameter of an IF or WHEN command. %CHECK can also be used to set the value of a CL command parameter, if the associated command object defines the parameter with EXPR(*YES) and TYPE of *DEC, *INT2, *INT4, *UINT2, or *UINT4.

The format of the check built-in function is shown in this example:

%CHECK(comparator-string base-string [starting-position])

Read More about the New Built-In Functions

In This Issue

Featured Article - New CL Built-In Functions

Security Shorts - Stop Adopted Authority

Featured Video - Vulnerable User Profiles

Industry News and Calendar

Security Resources

Quick Links

Search Security Site for IBM i and i5/OS

SecureMyi Website

Security Training from The 400 School

SecureMyi Newsletter Home/Archives

Need Access to an IBM i? Visit RZKH.de

Our Newsletter Sponsors

Platinum Sponsor

    The 400 School, Inc

Gold Sponsor
    The PowerTech Group

    Skyview Partners, Inc

    Cilasoft Security Solutions

IBM i Security Resources

John Earl Memorial Tribute - Jan 2013

IBM i Security Videos from SecureMyi.com

SecureMyi Newsletter Home and Archives

Search Security Site for IBM i and i5/OS

IBM i Security Reference - IBM i 6.1

IBM i Security Reference - IBM i 7.1

QAUDJRN Audit Types By AUDLVL 6.1

QAUDJRN Entry Type Record Layout 6.1

RedBook - Security Guide for IBM i 6.1

PCI SSC Data Security Standards

COBIT Framework - ISACA

HIPAA Resources

HITECH Enforcement

CISSP - Certification

Follow SecureMyi on Twitter

Follow SecureMyi on YouTube

PowerTech - Control of your Powerful Users

IBM i Security and Systems Management News Bytes

Arpeggio Software releases ARP-SAVE Secure Backup Software for the IBM i

Arpeggio Software, a provider of security software solutions for the IBM i announced the release of ARP-SAVE, a native IBM i software solution for encrypting backups. ARP-SAVE is a software solution that can encrypt and save IBM i data and system objects as well as manage the restoration of secured backups.

Read the ARP-SAVE Press Release.

IBM i Security Calendar of Events

Live Security Related Webcasts and Training for IBM i

Live 4-Day Hands-On Expanded Security Workshop for IBM i
Full Length Training Workshop - February 19-22, 2013 9:00am - 4:00pm CST
Dan Riehl presents his 4-Day Live Online Hands-on Security Workshop for the IBM i.
More Information and Register to Attend

An "Easy" Button for Provisioning IBM i Users
Live Webcast - Sponsored by PowerTech
Wednesday, February 27 1:00 PM CST
More Information and Register to Attend

Top 10 New Features of IBM i Security - With Carol Woodbury
Live Webcast - Presented by Skyview Partners
Wednesday, March 13 10:00am CST
More Information and Register to Attend

April 7-10 - COMMON - A User Group
2013 Annual Conference and Exposition - Austin, TX
More Information and Register to Attend

Is Your JD EDWARDS Database Secure? See how SKYVIEW PARTNERS can help!

Featured YouTube Educational Video

IBM i Security

Are your User Profiles Vulnerable to Profile Hijacking?

Featured Video - Misconceptions on Ownership and Authority to User Profiles

Security Shorts

Stop Adoption of Authority in the Calling Program

By Dan Riehl

IBM has provided the Machine Interface(MI) Built-In Function MODINVAU to modify the adopted authority attributes of a program's invocation level. In effect, it allows you to control the propagation of adopted authority from within a program.

The MODINVAU function has one argument that can contain one of two values:

  • Hex 00 = Don't suppress adopted authority
  • Hex 01 = Suppress adopted authority

If '00' is specified, normal propagation of adopted authority to called programs and subprograms occurs. If '01' is specified, adopted authority is not propagated to called programs and subprograms. Here's an example of using the function in a Control Language program.

    CallPrc    Prc( '_MODINVAU' )   Parm(x'01')
    /* Suppress Adopted Aut */
    Go Main

This simple program uses the MODINVAU function to flip the invocation authority switch so that any adopted authority is not propagated to subsequent programs. In this case, the program takes us to the menu name MAIN, and adopted authority is not in effect at the MAIN menu. When we exit from the MAIN menu by using F3, we return to the calling program, where any adopted authority is still in effect.

I suggest using this MI function in your application development to achieve more granular control over adopted authority. If a program needs adopted authority, create the program to adopt. But then also use the MODINVAU function to block the adopted authority from traveling down the stack to other programs. It's a much more elegant design than trying to take control of all programs by using the USEADPAUT(Use Adopted Autority) program attribute.

If your adopting programs don't pass on their adopted authority, many security issues can be alleviated.

You can read more about MODINVAU in the IBM Information Center article on MODINVAU.

Sponsored Links

IBM i, iSeries and AS/400
Security Services from SecureMyi

Expert Level Security Consulting
IT Security and Compliance Group, LLC
In Depth Security Assessment of IBM i
Upgrade to QSECURITY level 40 or 50
Forensic Research and Analysis
Audit Assistance and Remediation
Security Training for IT and Audit Staff
Security Software Selection & Configuration
Customized Security/System Programming

Live Training from The 400 School, Inc

Customized IBM i (AS/400) Training -
    Presented Live at your offices

Live Online Hands-On Workshops

Intro RPG IV Programming
Intro RPG/400 Programming
IBM i COBOL Programming
Interactive Programming Workshops
Introduction to System Operations
Expanded System Operations Workshop
System Administration and Control
Expanded Security Workshop
Control Language Programming
IBM i Concepts and Facilities
Concepts & Control Language
Query Workshop

Training from The 400 School

Send your IBM i Security and Systems Management News and Events!           Send your Questions, Comments, Tips and Stories

Copyright 2013 - SecureMyi.com, all rights reserved

SecureMyi.com | St Louis MO 63017