|
See comments in-line. Chuck ----- Original Message ----- From: "jt" <jt@ee.net> To: <midrange-l@midrange.com> Sent: Saturday, December 08, 2001 11:48 AM Subject: RE: CD Burning software? > Sorry, Chuck, but I'm still not gettin' it... > > Does it adopt authority, or something...? Anyway, my understanding of the > LODRUN (which is partial) is that it does a restore and a call, > essentially... Correct, and the program that it restores and calls must be owned by QSYS, so it has some security risk. However, IMHO, this is not an exposure that is likely to be exploited. To be exploited the vendor providing the CD must have either intentionally coded the program to do something bad to your system, or made a big mistake in coding that caused damage to your system. Either way, that vendor will be out of business quickly. >If you have a device that allows RSTLIB, I'm not sure how > that's a whole lot MORE secure. (Maybe some...) > > Besides which, who's responsible for security of access to the LODRUN > command? Each shop, or Brad's coders...? > > IMV, that's a shop responsibility and you can go WAY too far trying to save > somebody from themselves. *May* have cost Brad a sale, in this particular > case. So while I may not understand the exposure, I'm not at all sure of > the wisdom of leaving this functionality out. I personally agree with you - IMV this is not a potential security exposure that is worth restricting functionality for. > > Welcome to comments on both issues, of course. > > jt >
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
