×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
We had "yet another security audit". This time we are getting dinged
because we have QMAXSGNACN sent to 1=Disable device. It is recommended
that we use 3=Disable device and profile. Their concern is that someone
could mount a Denial Of Service attack on us and disable all of our
virtual devices. My thought is, that if I set it to disable user profiles
wouldn't that just expand the DOS attack to include user profiles also?
Let's see, sign on 3 times and disable QSECOFR, then try QSYSOPR and
several others. Granted, you could use this to recover QSECOFR (which is
quite drastic)
http://publib.boulder.ibm.com/infocenter/iseries/v6r1m0/topic/rzamh/rzamhrecover.htm
or you could sign on as someone else with that level of authority and
reset it there.
Anyone with command line access can do a
wrkobj qusrsys/*all *msgq
and get a list of all your user profiles. I just signed on as this user
crtusrprf dummy
and was able to perform that. (Please do not take offense at the user
name - it's just a habit of mine. The operator knows to kill it on
sight.)
Rob Berendt
midrange.com
