Certainly not a situation unique to our platform, but one that could be
solved if software authors would place more emphasis on its importance.

The vendors of such software may be as uneducated in security as some of the user community. Also, just like Microsoft's experience, it may take a user revolt and an effect on their bottom line to get them to allocate resources towards security.
Jim Franz

----- Original Message -----
From: "Carey Jeff - jcarey" <Jeff.Carey@xxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Monday, November 06, 2006 5:19 PM
Subject: RE: iSeries Security in Computerworld

I think one of the biggest problems is "vendor enforced" holes in
security.  For instance, one client has a popular ERP package that was
developed before network attachment to System i (actually, at the time
S/38).  So security is all at the application level, and a common owner
owns all the data files.

This underlying security model is carried forward, so now, even though
the ERP has its own Client/Server implementation and users routinely do
things like downloading files into Excel, the objects are still owned by
one user with all authority to them, and everyone is pretty much a
member of that user's group.

That of course means someone with a legit signon can do things like see
data that they couldn't via the green screen app, and, what's worse,
alter or delete data (once had a developer drop a table in production
instead of test in error!).

The answer they use is exit point programs, but this adds a layer of
admin and is not completely bulletproof.  Natively, though, it's hard to
enforce read write through the green screen app, but read only to some
files and exclude from others via other means without exit point

What makes it all the more difficult is the vendor can offer little
guidance on what files users can safely be locked out of.

Certainly not a situation unique to our platform, but one that could be
solved if software authors would place more emphasis on its importance.

Jeff Carey
Acxiom Corp.

This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list