× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



I will comment briefly on ODBC; There are two methods - securing all objects 
(with bpcs it gets to be tough) or to put in odbc user exit programs.

Look up ODBC user exit on the IBM web site and you will find the code that you 
can use to ensure that anyone coming  in odbc can be checked against an 
authorization list. Actually, the user exit is a shell and you can put in your 
own checking here. From experience, it will keep you out of trouble with a 
casual hacker (ie., super - user types); I am sure if anyone really wanted to 
break it they could.

-----Original Message-----
From: DAsmussen@aol.com [mailto:DAsmussen@aol.com]
Sent: Sunday, February 09, 2003 10:56 PM
To: bpcs-l@midrange.com
Subject: Re: Security in 6.02 and 6.04


Dear Fmanriq,

I cannot believe that, in all this time, you haven't even received a "please 
clarify this" question.  For security, you start at the BPCS level assigning 
people as users and allowing access on a program-by-program basis via SYS600. 
 Later versions (yours included, I believe) allow function key and action 
code security for a limited number of programs.

The _real_ security starts at the AS/400 (iSeries/400) level, and SSA/GT does 
not support this because I do not believe that they have a single person "in 
house" that understands AS/400 security.  However, I have implemented the 
following scenario at a client site without repercussions.  Understand that 
it helps if you have a development machine to test this on first.

Everything is set to an ownership of "SSA".  This is an SSA requirement, even 
though object ownership is irrelevant in the overall scheme of AS/400 
security.  All programs and files are set for *PUBLIC to *EXCLUDE.  This 
prevents anonymous FTP and ODBC from accessing critical files.

What, specifically, are you trying to secure?

Regards,

Dean Asmussen
Enterprise Systems Consulting, Inc.
Fuquay-Varina, NC  USA
E-mail:  DAsmussen@aol.com

"There is one difference between the taxidermist and the tax collector -- the 
taxidermist leaves the hide." -- Mortimer Caplin

In a message dated 1/31/03 11:57:53 PM Eastern Standard Time, 
fmanriq@yahoo.com writes:


> We have some BPCS instalation in a customer versions
> 6.02 and 6.04.
> 
> We need to know which general security issues could we
> implemented for improve security.
> 
> How can we improve security by ODBC connection.
> 

_______________________________________________
This is the SSA's BPCS ERP System (BPCS-L) mailing list
To post a message email: BPCS-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/bpcs-l
or email: BPCS-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/bpcs-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.