× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.




-----Original Message-----
From: bpcs-l-request@midrange.com [mailto:bpcs-l-request@midrange.com]
Sent: Monday, February 10, 2003 12:00 PM
To: bpcs-l@midrange.com
Subject: BPCS-L Digest, Vol 1, Issue 535


Send BPCS-L mailing list submissions to
        bpcs-l@midrange.com

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.midrange.com/mailman/listinfo/bpcs-l
or, via email, send a message with subject or body 'help' to
        bpcs-l-request@midrange.com

You can reach the person managing the list at
        bpcs-l-owner@midrange.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of BPCS-L digest..."


Today's Topics:

   1. Re: Security in 6.02 and 6.04 (DAsmussen@aol.com)
   2. Re: Requesting Info on Bar Code Data Collection Software for
      BPCS (DAsmussen@aol.com)
   3. Re: New Product Announcement - Reorg without locking files
      (DAsmussen@aol.com)
   4. RE: Security in 6.02 and 6.04 (Steve Segerstrom)


----------------------------------------------------------------------

message: 1
date: Sun, 9 Feb 2003 23:55:53 EST
from: DAsmussen@aol.com
subject: Re: Security in 6.02 and 6.04

Dear Fmanriq,

I cannot believe that, in all this time, you haven't even received a "please

clarify this" question.  For security, you start at the BPCS level assigning

people as users and allowing access on a program-by-program basis via
SYS600. 
 Later versions (yours included, I believe) allow function key and action 
code security for a limited number of programs.

The _real_ security starts at the AS/400 (iSeries/400) level, and SSA/GT
does 
not support this because I do not believe that they have a single person "in

house" that understands AS/400 security.  However, I have implemented the 
following scenario at a client site without repercussions.  Understand that 
it helps if you have a development machine to test this on first.

Everything is set to an ownership of "SSA".  This is an SSA requirement,
even 
though object ownership is irrelevant in the overall scheme of AS/400 
security.  All programs and files are set for *PUBLIC to *EXCLUDE.  This 
prevents anonymous FTP and ODBC from accessing critical files.

What, specifically, are you trying to secure?

Regards,

Dean Asmussen
Enterprise Systems Consulting, Inc.
Fuquay-Varina, NC  USA
E-mail:  DAsmussen@aol.com

"There is one difference between the taxidermist and the tax collector --
the 
taxidermist leaves the hide." -- Mortimer Caplin

In a message dated 1/31/03 11:57:53 PM Eastern Standard Time, 
fmanriq@yahoo.com writes:


> We have some BPCS instalation in a customer versions
> 6.02 and 6.04.
> 
> We need to know which general security issues could we
> implemented for improve security.
> 
> How can we improve security by ODBC connection.
> 


------------------------------

message: 2
date: Mon, 10 Feb 2003 01:55:07 EST
from: DAsmussen@aol.com
subject: Re: Requesting Info on Bar Code Data Collection Software for
        BPCS

Bill,

Actually, the latest version is called SDS.  I'm not sure that "thrilled" 
would be my description of the product.  It's just my opinion, but it
appears 
that the product name changes every time they "hack off" the requisite
number 
of customers...

JMHO,

Dean Asmussen
Enterprise Systems Consulting, Inc.
Fuquay-Varina, NC  USA
E-mail:  DAsmussen@aol.com

"There is one difference between a tax collector and a taxidermist -- the 
taxidermist leaves the hide." -- Mortimer Caplin

rd Time, BillNeill@ALBA1.COM writes:


>     We have been using the iWork dcServ product for years, and recently 
> upgraded to their new release, which is called ADC. We were happy with 
> dcServ, but are thrilled with the performance characteristics of the new 
> ADC release. You can call me at 828.879.6620 if you would like to discuss 
> the product from a user point of view.
> 


































































------------------------------

message: 3
date: Mon, 10 Feb 2003 02:26:43 EST
from: DAsmussen@aol.com
subject: Re: New Product Announcement - Reorg without locking files

Dear Mr. Shea,

While your mentioned web site was interesting, it was far from informative 
(other than purveying the knowledge of how to purchase your products).  How,

exactly, does one properly reorganize a physical file on the AS/400 "without

locking the files"?

Your "Still Not Convinced?" section pointed only to other "ArcTools" 
customers, and the comments from ALL of those references were vague AT BEST.

"Independent Software Reviewer"?  "Manager, Manufacturing Information 
Services, medical devices"?  "Partner, International Consulting Firm"?  I 
could go on, but the lack of a single person putting their name to a quote 
speaks for itself.

I believe that we can all agree that your archiving tool is a fine product.

I also believe that those of us that understand the AS/400 are going to need

more than the vague word of "AS/400 Consultant" to convince us that you can 
reorganize files without locking the system, unless you plan on lowering our

security levels...

Regards,

Dean Asmussen
Enterprise Systems Consulting, Inc.
Fuquay-Varina, NC  USA
E-mail:  DAsmussen@aol.com

"There is one difference between a tax collector and a taxidermist -- the 
taxidermist leaves the hide." -- Mortimer Caplin

10:41:12 AM Eastern Standard Time, DShea@arctools.com writes:


> DCSoftware is proud to announce the release of the ReorgWizard.
> 
> ReorgWizard allows AS/400 and iSeries shops to reorganize physical files
in
> place, without locking users out of the system.  If finding the time to do
> reorgs is a problem for your BPCS shop, please visit 
> http://www.arctools.com
> for more information.
> 






------------------------------

message: 4
date: Mon, 10 Feb 2003 11:12:11 -0600
from: "Steve Segerstrom" <SSegerstrom@intermatic.com>
subject: RE: Security in 6.02 and 6.04

I will comment briefly on ODBC; There are two methods - securing all objects
(with bpcs it gets to be tough) or to put in odbc user exit programs.

Look up ODBC user exit on the IBM web site and you will find the code that
you can use to ensure that anyone coming  in odbc can be checked against an
authorization list. Actually, the user exit is a shell and you can put in
your own checking here. From experience, it will keep you out of trouble
with a casual hacker (ie., super - user types); I am sure if anyone really
wanted to break it they could.

-----Original Message-----
From: DAsmussen@aol.com [mailto:DAsmussen@aol.com]
Sent: Sunday, February 09, 2003 10:56 PM
To: bpcs-l@midrange.com
Subject: Re: Security in 6.02 and 6.04


Dear Fmanriq,

I cannot believe that, in all this time, you haven't even received a "please

clarify this" question.  For security, you start at the BPCS level assigning

people as users and allowing access on a program-by-program basis via
SYS600. 
 Later versions (yours included, I believe) allow function key and action 
code security for a limited number of programs.

The _real_ security starts at the AS/400 (iSeries/400) level, and SSA/GT
does 
not support this because I do not believe that they have a single person "in

house" that understands AS/400 security.  However, I have implemented the 
following scenario at a client site without repercussions.  Understand that 
it helps if you have a development machine to test this on first.

Everything is set to an ownership of "SSA".  This is an SSA requirement,
even 
though object ownership is irrelevant in the overall scheme of AS/400 
security.  All programs and files are set for *PUBLIC to *EXCLUDE.  This 
prevents anonymous FTP and ODBC from accessing critical files.

What, specifically, are you trying to secure?

Regards,

Dean Asmussen
Enterprise Systems Consulting, Inc.
Fuquay-Varina, NC  USA
E-mail:  DAsmussen@aol.com

"There is one difference between the taxidermist and the tax collector --
the 
taxidermist leaves the hide." -- Mortimer Caplin

In a message dated 1/31/03 11:57:53 PM Eastern Standard Time, 
fmanriq@yahoo.com writes:


> We have some BPCS instalation in a customer versions
> 6.02 and 6.04.
> 
> We need to know which general security issues could we
> implemented for improve security.
> 
> How can we improve security by ODBC connection.
> 

_______________________________________________
This is the SSA's BPCS ERP System (BPCS-L) mailing list
To post a message email: BPCS-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/bpcs-l
or email: BPCS-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/bpcs-l.



------------------------------

_______________________________________________
This is the SSA's BPCS ERP System (BPCS-L) digest list
To post a message email: BPCS-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/bpcs-l
or email: BPCS-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/bpcs-l.



End of BPCS-L Digest, Vol 1, Issue 535
**************************************

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.