|
Dave, >The LOGINP exposure was "public" knowledge on the /38 back in the '80's - I was still stuck on the S/36 then. :( I do remember reading a Q38 article (by Ken Kelly?) on how to view the clear-text passwords in QSYUPTBL, but at the time I did not work on the S/38... I didn't see the article until I was on V1R1 of OS/400. (Which is also the last time I read it, so I'm not 100% positive on the author.) >Even today, I'll bet >the answer is likely to be something like "secure your subsystems so that >the display files can't be changed illegitimately". I think this is a legitimate answer. I don't consider this a "bug". But neither do I recall ever being told to guard against it, or verify before promoting to production that it wasn't added by a rogue programmer. Maybe I just haven't paid enough attention over the years and this was common knowledge. Wouldn't be the first time. <g> >Come up with an implementation that won't break legitimate uses of the >function, please. I'm not asking for one. I just thought there should have been the collective sound of a slapping of the hand to the forehead as we all said: "Why didn't I think of that?" Doug +--- | This is the MI Programmers Mailing List! | To submit a new message, send your mail to MI400@midrange.com. | To subscribe to this list send email to MI400-SUB@midrange.com. | To unsubscribe from this list send email to MI400-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: dr2@cssas400.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
