One means of enhancing system security is to use passwords. HiRDB enables you to set a password for each user. However, if simple, easy-to-guess passwords are used (for example, one's authorization identifier or birth date), there is an increased possibility that a fraudulent user could use that password to gain access to the system. To prevent fraudulent use of passwords, use of the connection security facility is recommended. Table 9-4 provides an overview of the connection security facility.

Table 9-4 Overview of connection security facility

Function	Description
Restrictions on password character strings	You can place restrictions on the character strings that can be specified as passwords. For example, you can prohibit passwords such as 012345 or aaaaa. Prohibiting simple passwords tends to increase password security.
Restrictions on the number of consecutive certification failures	If an incorrect password is entered a specified number of times in succession, you can bar that user from connecting (CONNECT) to HiRDB. To do so, you set the maximum number of times an incorrect password can be entered in consecutive connection attempts, and any user who exceeds the set number of attempts can no longer connect to HiRDB. For example, you might permit a user three attempts to enter the correct password. On the fourth unsuccessful attempt, the user would be prohibited from connecting to HiRDB.

By combining these two functions, fraudulent use of passwords based on ease of discovery can be made more difficult, which enhances system security.

Note

You cannot use a directory server linkage facility and the connection security facility at the same time. If you use a directory server linkage facility, you must clear the settings for the connection security facility.