
Howdy, Partner! The Role of Application Developers in IT Security


The Developer’s Role

How is this partnership supposed to work for developers?

At design and development time, the development team should assume that application users will have no authority to the data manipulated by the application. Note that it doesn’t hurt if some users actually do have authority to the data; but the assumption should be that end users are not authorized to the data.

Developers should consider the following:

  1. Application level access control. Applications should implement some form of application level access control—in fact, most already do—based on the organization’s business rules and requirements.
  2. The development team should choose the most appropriate mechanism(s) to ensure that application programs acquire the authority they need at execution time. As stated previously, these mechanisms exist in all operating systems, and you can learn about them here.
  3. Pay special attention to any programs that provide access to a command line, either directly or indirectly. Ensure that elevated authority or privileges aren’t available while the command line is accessible to the application user.
  4. Developers should also ensure that the default authority to all data and programs (with few exceptions) is the equivalent of no access for anyone other than the owning user profile.
  5. The exceptions to #4: Depending on the operating system and mechanisms used to elevate authority, a small number of programs may need to be configured to allow authorized end users to execute them also. This is true, for example, of stored procedures in database products. Developers are responsible for identifying these and determining the authority required. They should work with administrators to ensure that the least amount of authority required is granted to only the end users that require this authority.
  6. Finally, the development team must test their applications using end user authority, especially if developers have direct access to data. If this isn’t done, you won’t be testing whether or not your application is properly acquiring the required authority.
  7. The development team’s responsibilities apply equally to third-party product developers and to in-house teams. In my opinion, it’s darn near criminal for product providers to require that end users have direct authority to data manipulated by their applications!

The Administrator’s Role

How should the partnership work for administrators?

Administrators hold up their end of the bargain primarily after applications are put into production. Initially, they must ensure that there’s no “default” authority to new data and that appropriate access to the initial program of an application is strictly limited to only those end users authorized to use the application. The easiest way of doing this is to use a group that represents those users authorized to an application. Then they should grant this group authority to execute the initial program of an application. Most of the subsequent programs of an application should be set to not allow anyone access.

Administrators are also responsible for setting the appropriate access control for data that needs to be used outside of the applications. One example is if someone in the accounting department needs to access a database file via SQL to perform ad hoc reporting. The administrator should grant the necessary authority (for the end user or through a group profile if others will require the same access). If the authority is needed intermittently, the administrator should provide a script or command that he or she can use to quickly grant that authority to and revoke that authority from whoever needs it.

Finally, administrators are also responsible for ensuring that the proper authority isn’t changed once it’s set. This is best done by writing or acquiring third-party products that provide this capability.
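
One way an administrator could check that the authority described above has not changed since it was set, as an added example that is not from the original article. It assumes the model is mapped onto POSIX mode bits (data and internal programs owner-only, the initial program executable by the application's group); the function name, finding labels and directory layout are hypothetical.

```shell
#!/bin/sh
# Added example (not from the article). Assumption: authority is expressed as
# POSIX mode bits; layout and names below are hypothetical.
#   data and internal programs : owner only (no group/other bits)
#   initial program            : group may read/execute, nobody else

# Usage: audit_app_authority APP_DIR ENTRY_PROGRAM_RELATIVE_PATH
# Prints one line per violation; returns 0 when clean, 1 otherwise.
audit_app_authority() {
    app_dir=${1%/}
    entry=$app_dir/$2
    if [ ! -f "$entry" ]; then
        printf 'ENTRY-MISSING %s\n' "$entry"
        return 1
    fi
    findings=$(
        # Rule 1: no file may grant any access to "other".
        find "$app_dir" -type f \
            \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'OTHER-ACCESS %s\n' {} \;
        # Rule 2: only the initial program may grant access to the group.
        find "$app_dir" -type f \
            \( -perm -040 -o -perm -020 -o -perm -010 \) \
            -exec sh -c '
                entry=$1; shift
                for f; do
                    [ "$f" = "$entry" ] || printf "GROUP-ACCESS %s\n" "$f"
                done' sh "$entry" {} +
        # Rule 3: the group may run the initial program but never modify it.
        find "$entry" -type f -perm -020 \
            -exec printf 'ENTRY-GROUP-WRITE %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run on a schedule, any output from this check indicates drift from the authority that was set at deployment.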

The Bottom Line

System administrators and developers must work together to adequately secure your data assets. A partnership between developers and administrators will lead to systems that are much more secure, much better controlled, and likely less expensive and time consuming for the organization.

Patrick Botz is the principal consultant and founder of Botz & Associates Inc., architect of the SSO stat! service and former head of the IBM Lab Services Security Consulting practice. He can be reached via www.botzandassociates.com.


