John,

I agree that DSPOBJD only returns profiles you are authorized to. Just tested it on my V3R7 system.

But, the Get Profile Handle API does require a valid password or it will not return a valid handle. And without a valid profile handle, you cannot call the Set Profile API.

So I disagree with the statement that <<However, any profile that you can _see_, you can become. The API's do not require that you supply a password if you have *USE authority to the profile>> At least via the API's.

Of course, you could just create a job description referencing the profile (you must have *USE to do this), do a submit job and away you go. Ignition has been achieved and you are running as the profile. Verifying my previous statement that there is more danger in OS/400 commands than the API's. And actually, the danger is not the commands, but sloppy security by the security officer.

BTW, by default, profiles are NOT authorized to each other. Profiles are created with *PUBLIC *EXCLUDE. If you change this, do so at your own risk!

Regards,
Bob Crothers

----- Original Message -----
From: John Earl <johnearl@powertechgroup.com>
To: <MIDRANGE-L@midrange.com>
Sent: Sunday, September 19, 1999 8:43 AM
Subject: Re: Electronic Signatures

> Both WRKUSRPRF and WRKOBJ only show those profile objects that you already have
> *USE authority to. If you're not an *ALLOBJ user you won't see most user
> profiles.
>
> However, any profile that you can _see_, you can become. The API's do not
> require that you supply a password if you have *USE authority to the profile.
> So a logical approach would be to swap to every profile that you have use
> authority to and then run the WRKUSRPRF command and see what profiles it had
> authority to, etc. etc. etc.
>
> jte
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.