You are currently on IBM Systems Media’s archival website. Click here to view our new website.

IBM i > ADMINISTRATOR > SECURITY

Using Session Timeouts to Control Unauthorized Activity

The rationale and code for ensuring interactive applications time out properly

The rationale and code for ensuring interactive applications time out properly

Unattended interactive sessions can be a disgruntled employee’s workshop. Think of an unattended green-screen device (terminal, PC running iSeries* Access, etc.), signed onto by a valid user who then leaves the desk for a few minutes or, commonly, a lunch hour. Any other employee with physical access to the device could access any program, menu option, function, file or database that the original user can access. The employee could run payroll checks (perhaps a special payroll of one check), schedule deliveries (merchandise delivered to a friend’s house) or some other legitimate business function.

Another consideration is that an interactive session that’s signed onto and unattended could be locking a record or file that another process needs. Our programs should account for this possibility, but if the unattended interactive session weren’t using resources, the lock situation wouldn’t exist.

Administrators need to provide a mechanism to stop unauthorized access to unattended interactive sessions. If users have PCs, the timeout screen saver feature is a good option. But the interactive session itself can also be monitored for a timeout condition, where if the session is idle for a designated period, an action can be taken. In this article, I identify the system values that control timeouts and provide some sample code that can help manage timeouts or inactivity.

Michael Ryan is a technical editor with IBM Systems Magazine. Michael can be reached at michael@ryantechnology.com.



Advertisement

Advertisement

2019 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

IBM i > ADMINISTRATOR > SECURITY

A Guide to Passing an Audit

ADMINISTRATOR > SECURITY

A Look at COBIT Security

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
IBMi News Sign Up Today! Past News Letters