× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2001

Re: Mochasoft security hole

--










Chuck Lewis <clewis@iquest.net> on 11/14/2001 01:29:25 PM

Please respond to midrange-l@midrange.com








 To:      midrange-l@midrange.com

 cc:      (bcc: Gary Lea/Dextermag)



 Subject: Re: Mochasoft security hole








We now have QAUTOCFG set to OFF and QAUTVRT set to zero.  This seems to have
solved the problem.  We also discovered that if we varied off a device by using
VRYCFG we were able to sign on to it using Mochasoft.  That problem was overcome
by setting the FRCVRYOFF parameter to *YES.  Not a very elegant solutions but it
solves our problem for now.

Now all we need to do is remember that when we want to create a new device we
need to turn that stuff back on temporarily.

Thanks for all the suggestions.

Thanks to Scott also for his suggestion to write a "Telnet device
initialization" exit program that will check the device to see if it's
currently varied off and for the exampe code.  That will take more time and I
will be working on it to implement a more elegant solution.

Gary Lea


<snip>
Just saw Chuck Morehead's post to set it to 0. Here is yet another strange
one... We
have ours set to 1. I'm guessing it creates one new virtual device and then no
more
? Here is why. Running NT and attaching to the AS/400 with TCP/IP via Synapse's
5250
IP product, we set the PC name to what we want the device to be and then the
5250
product adds and Sn (where n is a number starting with 1) to the end of that
(i.e.
PC name is GR30 so first 5250 session is GR30S1, second is GR30S2, etc.). I was
setting up a new device yesterday and it would not create, until I increased the
QAUTOVRT value...

Another nasty about this way - there is no message sent to QSYSOPR when a device
is
created this way ! Why not I wonder; were they afraid that would cause to many
messages with QPADEVxxx's or something ? I think that would be an acceptable
risk
and at least you could monitor for it... (?)

Chuck
<snip>
_____________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

--
[ att1.eml of type application/octet-stream deleted ]
--

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.