Security and AcuServer

If you use AcuServer to give users access to data over the Internet, you will want to provide security measures to ensure that your data is safe from corruption or unauthorized access.

Setting up a firewall limits access to your data and enforces your organization's access control policy. When you set up a firewall, you'll need to indicate the "port number" through which applications gain access to your data. The default port number for AcuServer is 6523. You can indicate this setting through the ACUSERVER_PORT configuration variable.

Another way to secure your data is to encrypt it within your application before it is sent to AcuServer. Encryption provides an extra layer of security over and above the firewall your organization employs. Encryption is enabled with two configuration variables: ENCRYPTION_SEED and AGS_SOCKET_ENCRYPT.

AcuServer can also provide built-in password protection for access to files on the server. It provides a great deal of flexibility in assigning access permissions and password validation based on the client machine name, user name, or both. ACUCOBOL-GT runtimes provide built-in password-handling routines, or you can create your own password handling in your COBOL code using the Acu-Client-Password external variable.

In addition, AcuServer uses a security file called AcuAccess to support a wide range of access privileges, from very open to very restrictive. You choose the level of security best suited to your needs. The AcuAccess file is an encrypted Vision file. It contains one or more access records defining which users of which clients are permitted access to AcuServer. AcuAccess lets you specify individual user IDs that give users exactly the privileges they need, and no more.