MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » September 2012

RE: Using QSYRUPWD to write a script file



fixed

I have used script files for FTP access, too, though it's been awhile. Even
if you could retrieve the password, wouldn't putting it into a script
violate your own security? I.e., the file could be retrieved with the
password in plain text.

Reminds me of a medical records software firm that put the password to their
application in plain text. A clear violation of HIPPA, but there it was (a
colleague and I found it accidentally while doing some consulting work a few
years ago).

Getting back to your case, I am guessing that this is for a batch process.
A guess because, if it was interactive, you could display your own panel for
the user name + password and scrape those off. I did that for an internal
process at a former employer, and deleted the script afterwards. Not HIPPA
compliant either, but we weren't regulated by HIPPA, SOX, or anyone else
(excluding the IRS, of course!).

Jerry C. Adams
IBM i Programmer/Analyst
You're not drunk if you can lie on the floor without holding on. -Dean
Martin





Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact