× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. March 2002

OS/400 User Account Name Disclosure Vulnerability

--
[ Picked text/plain from multipart/alternative ]
I'm very happy to see you looking at IBM's AS/400 for possible security
weaknesses. Having been a user and developer on the AS/400 and its
predecessor, System/38, for a dozen years, I have seen it to be a very
secure platform. Properly administered, it would be extremely difficult to
hack it. It's almost impossible to put a worm or virus or similar item on it.

This so-called vulnerability is well known and has never been considered a
weakness in that community. To get to this point, a user is already signed
on to the system. You cannot get to this through any other means than to
have signed on to an active session. Therefore, you already have access to
the machine.

There are settings in the individual user's parameters (contained in an
object called a user profile) that can limit the ability to use the command
line of an interactive session. This would prevent a user from using a
command called DSPLIB (display library), which would allow a user to see
the contents of the library called QSYS, where the user profiles are
stored. Most users would not have the authority to change or delete any of
these things, unless specifically allowed to.

There is a manual, Tips and Tools for Securing Your iSeries, on the IBM
iSeries/AS400 site,
http://publib.boulder.ibm.com/html/as400/v5r1/ic2924/books/c4153005.pdf,
that might be helpful for you to look at.

Thanks

Vern Hamberg

Would you like to see a challenging little arithmetic puzzle
that might get you or your kids or grandkids more interested
in math? Go to <http://cgi.wff-n-proof.com/MSQ-Ind/I-1E.htm>

Sillygism--

Something is better than nothing.
Nothing is better than a ham sandwich.
Ergo
Something is better than a ham sandwich.
--

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.