× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. RPG400-L
  3. May 2007

Re: AW: Can I create an ALWUPD/ALWDLT *No file with embeded SQL?

Yes, we do not trust the QSECOFR on the boxes where our application runs.
Auditters have also the tendency to not trust QSECOFR.
Our QSECOFR we trust. Someone elses QSECOFR we might trust but better sure than
sorry.

Not necessarely this file must be created with SQL.
SQL was one of the possible options to create a externally described file on
the fly.
Doing things from a source and compiling this is not an option because:
- We do not have that environment under our control.
- Do not know what features they have installed (can we compile?).
- Source can be changed (we do not use any scripting language either) and that
is far to risky.

So now we have decided on Copy and Check tricks.
All files that need handling have a parent file (with the right atributes set).
When needed we Create a new file based on the Parent.
When using the file we check ObjectCreation date/time to check if we have
created the file (and not someone else).
This procedure is not fool proof but you will need the manual (what manual?) to
fiddle with it.

Regards,
Eduard,


----- Original Message ----
From: Bob P. Roche <BRoche@xxxxxxxxxxxxxxxxx>
To: RPG programming on the AS400 / iSeries <rpg400-l@xxxxxxxxxxxx>
Sent: Wednesday, May 30, 2007 11:34:02 AM
Subject: Re: AW: Can I create an ALWUPD/ALWDLT *No file with embeded SQL?


Sorry, but I always wonder why people need to prevent QSECOFR from
doing something. If you can't trust your "SECURITY OFFICER", you have
bigger problems. QSECOFR should never be restricted, in my opinion. The
whole point of this profile is to do things no one else can.If have a
problem later and need to do something, I never want to here someone say
call IBM to fix that. No one, not even QSECOFR can do that. We secured
that option. QSECOFR should have all access. you then secure the QSECOFR
profile.
I know this still leaves you the problem of securing the file, as
the original question asked. I have one question. Why do you have to
create it using SQL? From what everyone has said, DDS will give you what
you want. Just use the right tool for the job. In this case, DDS for this
particular file.




"Raul A. Jager W." <raul@xxxxxxxxxx>
Sent by: rpg400-l-bounces@xxxxxxxxxxxx
05/30/2007 10:20 AM
Please respond to
RPG programming on the AS400 / iSeries <rpg400-l@xxxxxxxxxxxx>


To
RPG programming on the AS400 / iSeries <rpg400-l@xxxxxxxxxxxx>
cc

Subject
Re: AW: Can I create an ALWUPD/ALWDLT *No file with embeded SQL?






This will work until somebody uses "GRANT".
How can we keep everybody (even QSECOFR) from giving a GRANT or CHGAUT?

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.