• Subject: Re: Electronic Signatures
  • From: John Earl <johnearl@xxxxxxxxxxxxxxxxxx>
  • Date: Sun, 19 Sep 1999 15:04:20 -0700
  • Organization: The PowerTech Group

Bob Crothers wrote:

> But, the Get Profile Handle API does require a valid password or it
> will not return a valid handle.

If you have *USE authority to a profile, QSYGETPH will accept the string 
in the password field.  Works great, I use it all the time.

> At least via the API's.  Of course, you could just create a job
> description referencing the profile (you must have *USE to do this), do
> a submit job and away you go.

Actually, you only need *USE authority to the profile in question if you are at
QSECURITY level 40 and above.  At level 30 and below, *USE authority to the JOBD
is sufficient, there are no authority requirements to the profile itself.  :(

> Ignition has been achieved and you are
> running as the profile.  Verifying my previous statement that there is
> more danger in OS/400 commands than the API's.  And actually, the
> danger is not the commands, but sloppy security by the security
> officer.

It's hard to argue with this.   As you noted, the API's are secured as shipped,
and by default profiles are secure when created, so unless one is careless, this
should not be an issue.


John Earl                                           johnearl@powertechgroup.com
The PowerTech Group                        206-575-0711
PowerLock Network Security              www.400security.com
The 400 School                                www.400school.com

