|
>Why customize... I like to customize the signon screen to change the text that identifies which field is User Id, and which field is "Password", should the telnet data be scanned. In the data stream, the password immediately follows the text "Password ...." Try and make it look like any other user screen. I've used "Name" and "Account" or "Name" and "Code". I also removed the other scannable text like "System ....", etc. Also change cpf messages to not specifically identify user id & password failures. CHGMSGD MSGID(CPF1107) MSGF(QCPFMSG) MSG('Entry not + correct.') SECLVL('Entry not correct.') CHGMSGD MSGID(CPF1120) MSGF(QCPFMSG) MSG('Entry not + correct.') SECLVL('Entry not correct.') If you think this is too picky - "who's going to bother" - my current customer (an insignificant named mid-size co) caught employees scanning the local network with a free-download tool. jim franz ----- Original Message ----- From: "Neil Palmer" <neilp@dpslink.com> To: <midrange-l@midrange.com> Sent: Saturday, November 30, 2002 3:32 AM Subject: RE: More on AS400 Signon screen > John said: > "The second reason is to place a warning message on the Signon screen > that identifies the information within as being proprietary, and not > free and open to the general public." > > > On the other hand they may just see that as a challenge on an otherwise > boring companys site they would have passed by. ;-) > > > ...Neil > > > > > > "John Earl" <john.earl@powertechgroup.com> > > > > To: <midrange-l@midrange.com> > cc: > Subject: RE: More on AS400 Signon screen > > > Trevor, > > Very quickly, two good reasons come to mind. First, to eliminate the > "Program" "Library" and "Menu" fields from the Signon screen. Some > sites view these input capable fields as unnecessary security exposures > ? especially if you have an important reason why _your_ initial program > should always run first. > > The second reason is to place a warning message on the Signon screen > that identifies the information within as being proprietary, and not > free and open to the general public. This in itself is not a so much a > security measure as it is a safeguard in the event of legal action - > some jurisdictions have identified that a specific "Keep Out" type of > warning is necessary in order for hackers and other miscreants to know > that yours is not a "open" system. > > jte > > > > > John Earl - john.earl@powertechgroup.com > The PowerTech Group - Seattle, WA > +1-253-872-7788 - www.powertech.com > > -----Original Message----- > From: midrange-l-admin@midrange.com > [mailto:midrange-l-admin@midrange.com] On Behalf Of trevor perry > Sent: Friday, November 29, 2002 9:35 PM > To: midrange-l@midrange.com > Subject: More on AS400 Signon screen > > Related to this, I have a pushy question.. (And, BTW, this is not > picking on > anyone in particular.) > > I was wondering why we so often feel the need to change the signon > screen. > Our companies/customers are paying us to provide services that allow > their > businesses to operate. How is it that we, the service provider, find > that we > can charge our time for modifying the signon screen - something that has > (IMHO) zero business value? > > I ask this a lot of my customers when I am refacing applications, and > the > general answer is "because we can". I am very interested in other > "reasons" > or reasoning. Is this one of the few times we can be artists? What > positive > business impact does it have? > > Thanks in advance, > Trevor > ~~~~~~~~~~~~~~~~~~~~~~~ > trevorp@looksoftware.com > > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing > list > To post a message email: MIDRANGE-L@midrange.com > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l > or email: MIDRANGE-L-request@midrange.com > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing > list > To post a message email: MIDRANGE-L@midrange.com > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l > or email: MIDRANGE-L-request@midrange.com > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > > > > > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@midrange.com > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l > or email: MIDRANGE-L-request@midrange.com > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > >
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.