*SAVRST special authority can also negate *EXCLUDE access to
private objects that you do not want read.  A user with *SAVRST
is not prevented from viewing the contents of an object (sure,
there is a hoop or two to jump through, but it can be done).  It
might be viewed as *ALLREAD special authority.

jte


--
John Earl
johnearl@powertechgroup.com
The Powertech Group          www.powertechgroup.com
Kent, Washington, USA       +1 253-872-7788


----- Original Message -----
From: Evan Harris <spanner@ihug.co.nz>
To: <midrange-l@midrange.com>
Sent: Saturday, December 08, 2001 11:11 AM
Subject: Re: *SAVRST (was Re: ftp versions of SAVRST... )


> Tom
>
> Securing the restore commands is a great way to prevent
unauthorised
> production deployments -
> especially when you have hostile programmers on your site :)
>
> Nothing focuses the mind on locking things down like having a
group of
> people intent on breaking the rules !
>
> Cheers
>
> >Evan:
> >
> >On Fri, 07 December 2001, Evan Harris wrote:
> >
> > > I hate the idea that a password that has save/restore
capability ends up in
> > > a script, no matter how short the time frame.
> >
> >I'm glad this was mentioned. *SAVRST is dangerous, granting
the ability to
> >bring an AS/400 down (for all practical purposes) in a few
seconds. Few
> >sites control it unfortunately.
> >
> >Tom Liotta
>
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list
> To post a message email: MIDRANGE-L@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> or email: MIDRANGE-L-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.