Could the "QIBM_QZSO_SIGNONSRV ZSOY0100 TCP Signon Server" be used to validate the session address and log that machine on as a specific user? I don't know much about exit point programming yet.... Another question, in Client Access Express, I see a program CWBLOGON.EXE that appears to cache the logon information. Does anyone know how/if that works? Eric DeLong Sally Beauty Company MIS-Sr. Programmer/Analyst 940-898-7863 or ext. 1863 -----Original Message----- From: John Earl [mailto:email@example.com] Sent: Thursday, September 20, 2001 11:16 AM To: firstname.lastname@example.org Subject: Re: Auto Signon > Scary is right! From an auditor's viewpoint, the generally recommended best > practice setting is *FRCSIGNON. *FRCSIGNON has it's own risks, and I don't believe that this is a blanket recommendation from Auditors who understand OS400. If you require every user who connects to your iSeries to go through the DDS signon screen (QDSIGNON) every time they connect, then you guarantee that OS/400 passwords will be sent across your network in clear text. The Client Access signon server will encrypt passwords and compare encrypted values. DDS will likely never be smart enough to do that. That being said, even if you allow bypass signon you may still be sending clear text passwords if you are using the OS/400 System value QINACTITV to time out inactive sessions. Usually, once you time out a session, you cause the QDSIGNON screen to display once again and run the risk of an plain text password transmission. jte -- John Earl email@example.com The Powertech Group www.powertechgroup.com Kent, Washington, USA +1 253-872-7788 _______________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@midrange.com To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l or email: MIDRANGE-Lfirstname.lastname@example.org Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
This mailing list archive is Copyright 1997-2015 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact