V-213670
IBM DB2 V10.5 LUW Security Technical Implementation Guide
Title
DB2 must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.
Description
Database management includes the ability to control the number of users and user sessions utilizing a DBMS. Unlimited concurrent connections to the DBMS could allow a successful Denial of Service (DoS) attack by exhausting connection resources; and a system can also fail or be degraded by an overload of legitimate users. Limiting the number of concurrent sessions per user is helpful in reducing these risks. This requirement addresses concurrent session control for a single accou...
Fix Text (Documentation Requirement)
Create the stored procedure per organization guidelines to restrict the number of concurrent sessions using CREATE OR REPLACE PROCEDURE:

    DB2> CREATE or REPLACE PROCEDURE <DBINST1.MY_CONNECT>

(Example below.)

Update the database CONNECT_PROC parameter to point to the procedure created in the previous step:

    $ db2 update db cfg using CONNECT_PROC db2inst1.my_connect

Grant EXECUTE on the procedure to PUBLIC:

    DB2> GRANT EXECUTE ON procedure <schema>.MY_CONNECT_MAIN TO PUBLIC

Note: This is an example. Modify and test to comply with organization policy.

    CREATE OR REPLACE PROCEDURE db2inst1.my_connect_main()
    BEGIN
      DECLARE vcount integer;
      DECLARE vcount_admin integer;
      SELECT COUNT(*) INTO vcount
        FROM table(mon_get_connection(NULL, NULL, 0))
        WHERE session_auth_id = sessi...