Db2 11.5.9 provides better control over the connection of remote clients to Db2 instances.
Attention: This mod pack release is currently available for the following Db2 products:
- Db2 Distributed (on-premises)
- Db2 Warehouse on Cloud
Table 1 displays a list of security enhancements in Db2 11.5.9:
|Restricted TCP/IP listener mode.||If an unsecured TCP/IP connection is needed for certain Db2 features, the listener can now be started in restricted mode to prevent remote Db2 client connections. An example would be applications using type 2 connections over the secure port, while the Sync Point Manager uses the restricted TCP/IP port for processing. For more information, see svcename - TCP/IP service name configuration parameter.|
|SSL security type support for Db2 nodes registered on an LDAP server.||Db2
includes enhancement to the REGISTER LDAP
command to support the SSL security type [see Transport Layer
|New restricted use of IMPORT and EXPORT operations with the ADMIN_CMD procedure.||With the release of Db2
Db2 database administrators can now restrict use of the ADMIN_CMD IMPORT and
to predefined paths, by using the DB2_LOAD_RESTRICTED_IO_PATH miscellaneous variable.
For example, if the DB2_LOAD_RESTRICTED_IO_PATH option is enabled, the ADMIN_CMD(IMPORT) file path for