Best Practices for Replication Agent Security

Observe these best practices.

Replication Agent Confidential Data at the Operating System Level

When you create a resource file to create, configure, or initialize a Replication Agent instance, the resource file contains passwords in plain text, as well as host, port number, and username information.

To protect this confidential information, before creating the resource file, set the file and folder permissions for exclusive read and write access to the owner:
  • For UNIX, set the umask value to 077.
  • For Windows, set the folder security properties.
When the response file is no longer needed, delete it.

Replication Agent does not Restrict Access to Administrative Functions to Local Access

After you install, configure, and start a Replication Agent instance, you can log in either remotely (from another host) or locally (from the same host), depending on where you have installed Replication Server and isql or Sybase Control Center for Replication.

You can restrict access to administrative functions by changing the interfaces file entry to localhost or 127.0.0.1. For example, change:
[my_ra]
 query=NLWNSCK,my_host,10002
To: 
[my_ra]
 query=NLWNSCK,localhost,10002
Parent topic: Replication Agent Security