CDQuery: An Alternative to Db2 Web Query

CD QueryAfter IBM abruptly withdrew Db2 Web Query from marketing last October, clients began asking for a replacement. A solution was at hand with CDQuery—a fascinating analytics package developed by our valued international partner CDInvest, led by IBM Champion Koen Decorte.

Summit Lunch & LearnThe feedback on CDQuery has been so positive that we’re working with Koen and his team to bring CDQuery to the North American market. We’re recommending it to clients who need to replace Web Query.

Read more

Which PHP Versions Get Critical Security Updates?

PHPAlthough there are many reasons—including performance—to update to newer PHP releases, the number one reason is to avoid losing security updates.

Each version of PHP (7.4, 8.0, 8.1, 8.2, 8.3, etc.) has three years of support before it is considered end of life. For two years, it gets bug fixes and all security fixes. In the third year, it gets only critical security fixes. After that, nothing!

Read more

How to Protect Secure Websites & APIs from Certificates Expiring

API & web security on IBM iIf you have encrypted your website, API, Telnet server, or other service with TLS (SSL), good for you!

Now, do you know when those certificates will expire? If they expire without renewal, your service could become unavailable without warning.

In the past, to find expiration dates for digital certificates on IBM i, you’d either have to look in the Digital Certificate Manager (DCM), call the Retrieve Certificate Information (QYCURTVCI, QycuRetrieveCertificateInfo) API, or keep extremely good notes!

CERTIFICATE_INFO, an IBM i service recently delivered by IBM, solves all this. This SQL table function, documented here, returns a result table that contains information about server or Certificate Authority (CA) certificates, including their expiration date.

Here’s how to use CERTIFICATE_INFO to find expiring certificates.

Read more

Node.js v20 and Other Updated Packages Require New IBM i Repositories

IBM i open source for businessAs we mentioned in our article on installing ODBC via yum, the latest IBM i open source packages require new repositories.

A notable example is Node.js v20. When we hear users say, “I don’t see Node.js v20 listed in available packages, and yum returns ‘No package nodejs20 available‘,” the reason invariably is that the new repositories, ibmi-base and ibmi-release, have not been installed.

Read more

What IBM i Users Should Check when Learning of an Open Source Security Vulnerability

API & web security on IBM iA client asked about a vulnerability found in libwebp, which is used by PHP’s image-handling gd extension.

My first step was to find a reputable source for details. According to this trusted article about the vulnerability, the issue affected only libwebp versions 1.3.1 and earlier. I checked our own system and found we had a patched version from IBM, so we were safe. The client was, too.

Here is the procedure you can use for checking the version of this or any other open source package on IBM i. Read more

Our Favorite ibm_db2 Settings for PHP

PHP on IBM iWhen supporting our Seiden CP+ PHP, we found that documentation for the “classic” ibm_db2 extension for IBM i wasn’t easy to find.

To help ourselves as well as others, we updated the PHP.net manual to describe each ibm_db2.i5_* setting. This blog post links to that manual page and highlights a few of our favorite ibm_db2 settings.

Read more

Read-only Mode in VS Code for IBM i

Code for IBM iIf you are using the Code for i extension and would like to “browse” or view certain source members without the risk of modifying them, use the “Read only” or “Protected” capability.

Read more

PHP 8.3: How the Community Helps PHP Evolve

The inclusion in PHP 8.3 of two enhancements by Seiden Group’s own Calvin Buckley* inspired me to write this post.

PHP is moved forward by its community. Each year there is a new major release with enhancements, each month a maintenance release. PHP 8.3 is another achievement in the steady cycle of improvements.

Here are some key resources for understanding how the PHP language is built and enhanced.

Read more

Older 32-Bit PHP & PASE Apps Can Break in IBM i 7.5

This alert was originally published in Seiden Group’s July 2023 Support Bulletin.
Seiden Group’s CP+ PHP fully supports IBM i 7.5.

IBM i 7.5 includes OpenSSL 1.1.1, an upgrade that can disable older PASE applications that were tied to 1.0.2 or earlier.

Read more

IBM i Apache Security Setting: RequestReadTimeout

Apache HTTP Server ProjectA client asked for help addressing a Denial of Service (DoS) vulnerability that their security company discovered. The company found it could slow down the Apache web server by sending it incorrect headers. By sending an artificially high “Content-Length” header, they caused the web server to wait for data that would never come.

Read more