× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. March 2003

Re: Security questions

Oliver,

>but object level security still applies for this kind of access, doesn't
>it?

You are correct that object level security, IF YOU HAVE IMPLEMENTED IT
CORRECTLY, will protect you.  If *READ or *USE is truely the authority you
want your users to have to your data, then you're ok. But you really need
to understand which servers you have active and how someone might be able
to use one or more of them to read the data into their PC and then you've
lost control over it.

The exit point products are potentially still useful even if you have rock
solid object level security (I would argue rock solid object level security
is necessary even with these products, but that's another discussion). It
gives you another layer of defense and, more importantly, the good ones
will give you much more flexibility than the OS will. For example, some of
them let you deny/allow access during specified timeframes.


Patrick Botz
Senior Technical Staff Member




>2.)  Think about the ability of users to run commands outside of the
>command line process - remote commands, 3rd party software command
>lines,etc.  A PC user with the ability to run remote commands won't be
>stopped by the limited access setting.  I won't name names but we have a
>3rd party software that provides their own menu system and command line
>interface - guess what - limited capability is never brought into play.


but object level security still applies for this kind of access, doesn't
it?

I see we will need to look into some of these security utilities.

I understand, without some kind of exit-point programming, you can't stop
this
remote access?

Thanks,

OLiver

_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.