• Subject: Re: Security: interesting reading.
  • From: dhandy@xxxxxxxxxxx (Douglas Handy)
  • Date: Sat, 06 Nov 1999 17:29:17 -0500

Paul,

>Any chance you can let us know what objects are involved and what security
>is needed to block access to them?

Sure -- it's no secret and readily available in the manuals.  There is
an API documented in the Security APIs manual called QSYRUPWD which
will Retrieve Encrypted User Passwords.

It is intended for use with QSYSUPWD to set encrypted passwords to
facilitate mirroring user profile activity on multiple systems.  These
APIs have been discussed in this forum before because they are what
are used to propagate password changes between AS/400's.

Both APIs are shipped with *PUBLIC *EXCLUDE and are owned by QSYS, so
I wouldn't lose any sleep over it.  Access to the APIs is already
blocked by default.  My assumption was that Don probably was QSECOFR
on a system, so he could run the API and dump the results.

In case it is not painfully obvious, the post was intended for Don's
private email, but got misdirected back to Midrange-L. :(  And I think
that is all I care to say about this subject now...

Doug
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].