Keep in mind that the FTP server can initiate some of these commands using
the quote RCMD subcommand.  Scary.  Hope Dave keeps the hackers out, we are
giving them too many good ideas.
CJG
Carl Galgano
EDI Consulting Services, Inc.
540 Powder Springs Street
Suite C19
Marietta, GA  30064
770-422-2995
mailto: cgalgano@ediconsulting.com
http://www.ediconsulting.com
EDI, Communications and AS400 Technical Consulting

-----Original Message-----
From: Bob Crothers <bob@cstoneindy.com>
To: 'MIDRANGE-L@midrange.com' <MIDRANGE-L@midrange.com>
Date: Thursday, September 16, 1999 4:05 PM
Subject: RE: Electronic Signatures


>Don,
>
>A list of users is easy...I'll even bet you already know how to do it.
>
>BTW, if your goal is just to screw up the system, create a scheduled
>job entry to do a pwrdwnsys every few hours.
>
>Or better yet: DLTPGM QSYS/*ALL
>
>The best thing of all is to go into strsst and rename the QSYS library
>(did that one time at IBM's direction...life was much worse after than
>before)...this will totally screw a machine.
>
>Of course, with any of the above things, your new job title would
>probably be "Unemployed".
>
>My point is that very few things can not be abused.  Some are harder.
> If my goal was to cause problems, don't think I would resort to
>obscure API's...to much work and can do so much better with os/400
>commands.
>
>Bob
>
>-----Original Message-----
>From: Schenck, Don [SMTP:Don.Schenck@WL.com]
>Sent: Thursday, September 16, 1999 11:56 AM
>To: 'MIDRANGE-L@midrange.com'
>Subject: RE: Electronic Signatures
>
>Cool ... that means one could create a REALLY COOL program:
>
>It keeps calling the API with different user names until all of the
>users
>are disabled!
>
>A MAJOR pain for the sysadmin!
>
>So HOW does one go about getting a list of users????
>
>-- Don
>
>-----Original Message-----
>From: Bob Crothers [mailto:bob@cstoneindy.com]
>Sent: Thursday, September 16, 1999 10:55 AM
>To: 'MIDRANGE-L@midrange.com'
>Subject: RE: Electronic Signatures
>
>
>Rob,
>
>As shipped, run time access to these API's is restricted.  And of
>course, before you can even use it, you must a) have a program and b)
>beable to execute the program.
>
>So...it would only help if you already have access to the system you
>are trying to get into...actually, quite a bit of access.
>
>BTW, the Get Profile Handle DOES disable the profile after the max
>number of signon attempts has been exceeded.  I just tested it (V3R7
>system).
>+---
>| This is the Midrange System Mailing List!
>| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
>| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
>| To unsubscribe from this list send email to
>MIDRANGE-L-UNSUB@midrange.com.
>| Questions should be directed to the list owner/operator:
>david@midrange.com
>+---
>
>+---
>| This is the Midrange System Mailing List!
>| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
>| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
>| To unsubscribe from this list send email to
MIDRANGE-L-UNSUB@midrange.com.
>| Questions should be directed to the list owner/operator:
david@midrange.com
>+---

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].