• Subject: Re: Electronic Signatures
  • From: "Bob Crothers" <bob@xxxxxxxxxxxxxx>
  • Date: Sun, 19 Sep 1999 10:55:22 -0500
  • Organization: Cornerstone Communications

John,

I agree that DSPOBJD only returns profiles you are authorized to.  Just
tested it on my V3R7 system.

But, the Get Profile Handle API does require a valid password or it
will not return a valid handle.

And without a valid profile handle, you can not call the Set Profile
API.

So I disagree with the statement that <<However, any profile that you
can _see_, you can become.   The API's do not require that you supply a
password if you have *USE authority to the profile>>

At least via the API's.  Of course, you could just create a job
description referencing the profile (you must have *USE to do this), do
a submit job and away you go.  Ignition has been achieved and you are
running as the profile.  Verifying my previous statement that there is
more danger in OS/400 commands than the API's.  And actually, the
danger is not the commands, but sloppy security by the security
officer.

BTW, by default, profiles are NOT authorized to each other.  Profiles
are created with *PUBLIC *EXCLUDE.  If you change this, do so at your
own risk!

Regards,
Bob Crothers


----- Original Message -----
From: John Earl <johnearl@powertechgroup.com>
To: <MIDRANGE-L@midrange.com>
Sent: Sunday, September 19, 1999 8:43 AM
Subject: Re: Electronic Signatures


> Both WRKUSRPRF and WRKOBJ only show those profile objects that you
already have
> *USE authority to.  If you're not an *ALLOBJ user you won't see most
user
> profiles.
>
> However, any profile that you can _see_, you can become.   The API's
do not
> require that you supply a password if you have *USE authority to the
profile.
> So a logical approach would be to swap to every profile that you have
use
> authority to and then run the WRKUSRPRF command and see what
preofiles it had
> authority to, etc. etc. etc.
>
> jte
>


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].