|
-- Chuck Lewis <clewis@iquest.net> on 11/14/2001 01:29:25 PM Please respond to midrange-l@midrange.com To: midrange-l@midrange.com cc: (bcc: Gary Lea/Dextermag) Subject: Re: Mochasoft security hole We now have QAUTOCFG set to OFF and QAUTVRT set to zero. This seems to have solved the problem. We also discovered that if we varied off a device by using VRYCFG we were able to sign on to it using Mochasoft. That problem was overcome by setting the FRCVRYOFF parameter to *YES. Not a very elegant solutions but it solves our problem for now. Now all we need to do is remember that when we want to create a new device we need to turn that stuff back on temporarily. Thanks for all the suggestions. Thanks to Scott also for his suggestion to write a "Telnet device initialization" exit program that will check the device to see if it's currently varied off and for the exampe code. That will take more time and I will be working on it to implement a more elegant solution. Gary Lea <snip> Just saw Chuck Morehead's post to set it to 0. Here is yet another strange one... We have ours set to 1. I'm guessing it creates one new virtual device and then no more ? Here is why. Running NT and attaching to the AS/400 with TCP/IP via Synapse's 5250 IP product, we set the PC name to what we want the device to be and then the 5250 product adds and Sn (where n is a number starting with 1) to the end of that (i.e. PC name is GR30 so first 5250 session is GR30S1, second is GR30S2, etc.). I was setting up a new device yesterday and it would not create, until I increased the QAUTOVRT value... Another nasty about this way - there is no message sent to QSYSOPR when a device is created this way ! Why not I wonder; were they afraid that would cause to many messages with QPADEVxxx's or something ? I think that would be an acceptable risk and at least you could monitor for it... (?) Chuck <snip> _____________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@midrange.com To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l or email: MIDRANGE-L-request@midrange.com Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l. -- [ att1.eml of type application/octet-stream deleted ] --
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.