To anyone paying attention: I better correct this before everyone starts wondering what this thread is about. I originally used "*SAVRST" but meant "*SAVSYS". Guess I was still thinking of Evan's term "save/restore". Tom Liotta On Wed, 12 December 2001, "John Earl" wrote: > *SAVRST special authority can also negate *EXCLUDE access to > private objects that you do not want read. A user with *SAVRST > is not prevented from viewing the contents of an object (sure, > there is a hoop or two to jump through, but it can be done). It > might be viewed as *ALLREAD special authority. > ----- Original Message ----- > From: Evan Harris <firstname.lastname@example.org> > > > > Securing the restore commands is a great way to prevent > unauthorised > > production deployments - > > especially when you have hostile programmers on your site :) > > > > Nothing focuses the mind on locking things down like having a > group of > > people intent on breaking the rules ! > > > > >On Fri, 07 December 2001, Evan Harris wrote: > > > > > > > I hate the idea that a password that has save/restore > capability ends up in > > > > a script, no matter how short the time frame. > > > > > >I'm glad this was mentioned. *SAVRST is dangerous, granting > the ability to > > >bring an AS/400 down (for all practical purposes) in a few > seconds. Few > > >sites control it unfortunately. -- Tom Liotta The PowerTech Group, Inc. 19426 68th Avenue South Kent, WA 98032 Phone 253-872-7788 Fax 253-872-7904 http://www.400Security.com ___________________________________________________ The ALL NEW CS2000 from CompuServe Better! Faster! More Powerful! 250 FREE hours! Sign-on Now! http://www.compuserve.com/trycsrv/cs2000/webmail/
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.