Certainly not a situation unique to our platform, but one that could be solved if software authors would place more emphasis on its importance.
The vendors of such software may be as uneducated in security as some of the user community. Also, just like Microsoft's experience, it may take a user revolt and an effect on their bottom line to get them to allocate resources towards security.
Jim Franz

----- Original Message -----
From: "Carey Jeff - jcarey" <Jeff.Carey@xxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Monday, November 06, 2006 5:19 PM
Subject: RE: iSeries Security in Computerworld
I think one of the biggest problems is "vendor enforced" holes in security. For instance, one client has a popular ERP package that was developed before network attachment to System i (actually, at the time S/38). So security is all at the application level, and a common owner owns all the data files. This underlying security model is carried forward, so now, even though the ERP has its own Client/Server implementation and users routinely do things like downloading files into Excel, the objects are still owned by one user with all authority to them, and everyone is pretty much a member of that user's group. That of course means someone with a legit signon can do things like see data that they couldn't via the green screen app, and, what's worse, alter or delete data (once had a developer drop a table in production instead of test in error!).

The answer they use is exit point programs, but this adds a layer of admin and is not completely bulletproof. Natively, though, it's hard to enforce read write through the green screen app, but read only to some files and exclude from others via other means without exit point programs. What makes it all the more difficult is the vendor can offer little guidance on what files users can safely be locked out of.

Certainly not a situation unique to our platform, but one that could be solved if software authors would place more emphasis on its importance.

Jeff Carey
Acxiom Corp.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.