This section introduces FEPI security.
Because FEPI is a terminal emulator, the back-end system "sees" the front-end as a terminal rather than a system; it cannot differentiate between FEPI emulation and a real device. Thus, CICS® bind, link, and attach-time security are not applicable to FEPI connections. If security is enabled in the back-end system, in order for your FEPI application to access protected resources the emulated terminal must be signed on to the back-end. The alternative is that you do not use CICS security with FEPI--that is, you make all the back-end transactions accessed by FEPI available to the CICS default user. This option is clearly unacceptable; it means that you must either run a security risk or deprive your FEPI applications of access to sensitive data.
When signing on to a back-end system, FEPI applications can ask the external security manager (ESM) to supply a password substitute, or PassTicket. Using PassTickets to sign on means that FEPI applications do not need to store user passwords (which is risky), or ask users to reenter them (which is irritating). For information about implementing signon security, see Signon security.
You can restrict access to the FEPI system programming commands by defining operator profiles to your ESM. For details of how to do this, see Command-level security. All application programming commands are generally available.
[[ Contents Previous Page | Next Page Index ]]