|
Johny, Johnny Helms wrote: > I am looking for suggestions on how to secure a current production AS/400 > that has programmer's using DFU to change data in files. We do have a > development system and I thought change management would allow this > practice to be ended. However, after talking with Aldon, they have no > suggestions. The reason I am trying to end this practice is due to an > Audit we recently had that we failed miserably. How about if you remove the programmers ability to change the data? Create an authorization list, and attach it to all of the datafiles in your production library. Next, add all the programmers to the list with either *USE or (if you don't want them to even see it) *EXCLUDE authority. Now programmers will not be able to update the data with DFU or any other tool. If you just secure the DFU commands, someone will use DBU, or SQL, or WRKDBF, or a quick and dirty RPG program, or ??? to change the data. jte -- John Earl johnearl@400security.com The PowerTech Group 206-575-0711 PowerLock Network Security www.400security.com -- +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
