Question: Securing Services with EXS

We would like to allow only one certain TCP/IP address to call one of our Natural RPC Services, without limiting TCP/IP addresses to other existing services registered to the same Broker.

The document says I can set BKICON = Y to Authorize I/P connections. I would like to find out more about how the authentication works. Can I relate the TCP/IP address to a specific server? Is userid/pw required?

Thanks in advance,
Rabia

Rabia, this is my understanding of how it should work, although I haven’t tested it:

You would need to relate the security to a user (or group). Thus for TCP/IP, you would have the rules:

  • allow user(rpcuser) resource(100.100.100.100) read
  • deny user() resource(100.100.100.100)
  • allow user() resource(*) read

(the specific syntax for the “allow” and “deny” will depend on your SAF product)

User “rpcuser” would be given access authority (read) to the class/server/service, same as you would do without TCP/IP security. If “rpcuser” is the only user allowed to that class/server/service and only that user is allowed to use that TCP/IP address, you should be tightened down.

Let me know how it goes!

Douglas Kelly,
Principal Consultant
Software AG, Inc
Sacramento, California