|
>From: Kevin_a_Layne@CRCMN.COM >A system value that does not allow default passwords >would be a good idea and is not there as of 4r4. >Kevin Layne Kevin, You could write your own Create User Profile program and Enable User Profile program to ensure default passwords are not used. Then use ANZDFTPWD to monitor. Schedule it to run nightly. I have seen many profiles get created with default passwords and the user never gets around to using the signon, or there's a delay of some weeks before they use it. This is a vulnerability, especially if the User Id naming format is easily guessed, which I suggest it would be for an insider. Forget the outside hacker, what percentage of security incidents occur from disgruntled staff? I don't know, but it is high. Greg _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
