MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » May 1999

Re: ODBC Security



fixed

John,

At 06:13 AM 5/6/99 -0700, you wrote:

>> I don't remember the problems with exit points (other than finding them
>> all), but the security strategy is (basically):

>The original knock on exit points was that they did not handle non-IBM
ODBC.  None
>of the third party ODBC vendors used the IBM ODBC exit points, they were
all using
>DRDA and prior to V4R1 DRDA had no exit point.  But IBM understood the
hole that
>this left for customers and put together a DRDA exit point for V4R2 and
then PTF'd
>it back to V4R1.

 The above points outs an actual hole that used to be there.  But the major
problem is that access to the /400 is constantly changing. If you don't
have an *Exclude / adopt kind of security scheme a new access method can
open a new security hole.

 -mark

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact