Encrypting IBM i ODBC Connections from Linux

ODBC with Db2 for IBM iSeveral clients have asked how to encrypt ODBC connections between Linux and IBM i to keep their Db2 data safe in transit.

To encrypt ODBC data, IBM recommends the industry-standard TLS encryption protocol (the successor to SSL).

Read more

IT Leadership Summit on Security — A Recap

Many thanks to IBM and COMMON for their recent IT Leadership Summit on Security, held August 3, 2022, at IBM’s Astor Place offices in New York City.

This free, noncommercial event for IT executives featured speakers with broad experience addressing industry security concerns. Speakers included:

Read more

No, Apache Isn’t Vulnerable to the Log4j Vulnerability

Updated December 19, 2021

The Log4j Java library has been in the news recently. The details of vulnerability CVE-2021-44228 have been well documented by others, but to summarize, it allows arbitrary code execution through maliciously crafted messages. These messages cause the Java virtual machine to look up classes from an LDAP server and load them. This is obviously not good, but unless you’re familiar with Java, you might be concerned what is and isn’t vulnerable; this article aims to clarify that.

Read more

Storing Passwords Safely

Steal passwordIf your application deals with user accounts, it has to deal with passwords. Storing passwords in plain text would be a bad idea; a data breach could allow an attacker access to every account. The obvious answer is to encrypt the passwords. However, using cryptography without understanding could give you a false sense of security—if you make the inappropriate choice, you could make things easier for an attacker without realizing it. This article will focus on getting you up to speed with the best ways to use cryptography to secure passwords.

Read more