× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. September 2005

Access to IFS Directory

Dear Bob,

Shannon is correct; removing the sign-on requirement would
increase what is most likely already a major security vulnerability.

The default authority settings for the root directory as shipped from
IBM are data authority *RWX and object authority *ALL.
This is equivalent to *PUBLIC having *ALL authority to QSYS and
create authority *ALL.  With IBM and many third party vendors
putting more and more data in the IFS, if you have not changed these
settings, anyone with an ID and Password can add, modify and delete
anything in the IFS.

We have a security analysis product called Bill of Health which
identifies this and many other potential vulnerabilities.
Bill of Health analyzes the specific vulnerabilities on a system,
explains why they are an issue, recommends the steps needed to
mitigate the vulnerability and things to consider before making the
changes.

I would be happy to provide more information about Bill of Health
off line. Here's a link: http://www.upisox.com/bill.html

Warm Regards,

Dean A. Olson
Director of Software Technology
Unbeaten Path International
North America: (888) 874-8008
International:  (262) 681-3151
dolson@xxxxxxxxxx



+++++++   +++++++   +++++++   +++++++   +++++++   +++++++
From: Shannon O'Donnell
To: midrange-l@xxxxxxxxxxxx
Sent: Wednesday, September 28, 2005 2:04 PM
Subject: RE: Access to IFS Directory

Wouldn't that be a security risk?



+++++++   +++++++   +++++++   +++++++   +++++++   +++++++
        From: "Bob O."<otis_the_cat@xxxxxxxxxxx>
        Sent: 9/28/05 1:42:12 PM
        To: midrange-l@xxxxxxxxxxxx
        Subject: Access to IFS Directory

        Is there a way to keep the password dialog box from showing up
        when PC's are booted and a mapped IFS folder is accessed?  I 
        looked in Ops Nav under "Permissions" for the folder.

        For Public, everything has a check mark except "Exclude".  Is there 
        some other setting that needs to be set to allow all users access 
        without entering their AS/400 password?

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.