Tags: db2, ibm-midrange, rpg, secure-coding, control-language

Good resources for secure coding in RPG and CL (iSeries development)


I'm just wondering if anyone can point me to secure coding resources for RPG and CL. (RPG as in for the iSeries, not Role Playing Games).

I have no problem finding resources that cover secure coding guidelines that are generic, which are very good to have. I can also find specific guidelines for .NET, Java, or almost any other modern language that cover best practices for the specific language. (For example, the proper use of validation controls in .NET, etc.) However, I can't seem to find any good resources specific to RPG programming.

I'm asking because I come from a mixed environment where .NET code regularly calls iSeries code. Most often, the iSeries code is in the form of RPG or CL programs "wrapped" to look like stored procedures. I'm working on secure coding practices documentation and policies for the entire team, and am unable to find good resources for our iSeries developers, even on the IBM site.

I'm hoping an experienced iSeries developer or two can point me to good articles, or redbooks on the subject.

Edit

I may be looking at this wrong. I would also be interested in documentation on DB2 security, as well as security provided by the OS.


Solution

  • General SQL secure practices also apply to DB2 on the iSeries (injection protection and such), which includes embedded SQL in RPG programs.

  • This is a Redbook for iSeries Security

  • This is IBM's iSeries security documentation and references for V5R4

  • "Who knew you could do that with RPG IV" is a great Redbook, but it's not specific to security.
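To illustrate the injection point for embedded SQL in RPG, here is an added example (not part of the original answer, and not IBM's code) showing a dynamically built statement beside the same lookup using a parameter marker. The CUSTOMER table, its CUSTID and NAME columns, and the procedure names lookupUnsafe and lookupSafe are hypothetical.

```rpgle
**free
// Added example. CUSTOMER, CUSTID, NAME and both procedure names are hypothetical.
ctl-opt dftactgrp(*no) actgrp(*new);

dcl-s id packed(7:0);
dcl-s input varchar(50);

// Constructed input containing quote characters, as a caller might pass it.
input = 'x'' OR ''1''=''1';
id = lookupUnsafe(input);  // quotes become part of the WHERE clause
id = lookupSafe(input);    // compared as a literal name: no match, returns 0
*inlr = *on;
return;

// BEFORE: caller text is concatenated into the statement and parsed as SQL.
dcl-proc lookupUnsafe;
  dcl-pi *n packed(7:0);
    custName varchar(50) value;
  end-pi;
  dcl-s stmt varchar(200);
  dcl-s custId packed(7:0) inz(0);

  stmt = 'SELECT CUSTID FROM CUSTOMER WHERE NAME = ''' + custName + '''';
  exec sql PREPARE S1 FROM :stmt;
  exec sql DECLARE C1 CURSOR FOR S1;
  exec sql OPEN C1;
  exec sql FETCH C1 INTO :custId;
  exec sql CLOSE C1;
  return custId;
end-proc;

// AFTER: the statement text is fixed; the value is bound to the ? marker as data.
dcl-proc lookupSafe;
  dcl-pi *n packed(7:0);
    custName varchar(50) value;
  end-pi;
  dcl-s stmt varchar(200);
  dcl-s custId packed(7:0) inz(0);

  stmt = 'SELECT CUSTID FROM CUSTOMER WHERE NAME = ?';
  exec sql PREPARE S2 FROM :stmt;
  exec sql DECLARE C2 CURSOR FOR S2;
  exec sql OPEN C2 USING :custName;
  exec sql FETCH C2 INTO :custId;
  if sqlcode <> 0;         // 100 = no row found, negative = error
    custId = 0;
  endif;
  exec sql CLOSE C2;
  return custId;
end-proc;
```

When the statement does not need to be built at run time, static embedded SQL with a host variable (`WHERE NAME = :custName`) gives the same separation of statement and data.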