Skip to content

IDMS must protect against the use of web-based applications that use generic IDs.

An XCCDF Rule

Description

<VulnDiscussion>Web-based applications that allow a generic ID can be a door into IDMS allowing unauthorized changes whose authors may not be determined.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-251597r960864_rule
Severity
Low
References
Updated



Remediation - Manual Procedure

For web-based applications using generic IDs, set the individual user ID (external identity) to be recorded in the journal.

For JDBC applications, use the "IdmsConnection setIdentity" method.

For ODBC applications, use the "SQLSetConnectAttr" function with the IDMS_ATTR_EXTERNAL_IDENTITY attribute type.