|
Rob, could you add a command validation program to the RTVCLSRC command? Eric DeLong Sally Beauty Company MIS-Project Manager (BSG) 940-898-7863 or ext. 1863 -----Original Message----- From: rob@xxxxxxxxx [mailto:rob@xxxxxxxxx] Sent: Friday, December 19, 2003 10:45 AM To: Midrange Systems Technical Discussion Subject: Re: Disallowing RTVCMDSRC Yes we are using Turnover. I believe that we can justify the security. However, others always come up with the mythical emergency, which NEVER occurs. It's a struggle. Rob Berendt -- "All creatures will make merry... under pain of death." -Ming the Merciless (Flash Gordon) "Keith Carpenter" <CarpCon@xxxxxxx> Sent by: midrange-l-bounces@xxxxxxxxxxxx 12/19/2003 11:02 AM Please respond to Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx> To "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx> cc Fax to Subject Re: Disallowing RTVCMDSRC Rob, To your original question about RTVCMDSRC. It cannot be disabled like you can disable RTVCLSRC. The reason is RTVCMDSRC works by reconstructing the source from the actual CMD object. RTVCLSRC works by reading a copy of the CL source stored in an associated space of the CL program. If the CLP is compiled ALWRTVSRC(*NO) then this copy of source is not available for RTVCLSRC. You could move the userid and password to the CL (with no debug or retrieve source options), but your cleaver programmer may still be able to figure it out. Out of curiosity, do you use a source control or change management system on your development box ? If so, it seems you should be able to justify setting up security just for that reason. Keith ----- Original Message ----- From: <rob@xxxxxxxxx> To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx> Sent: Friday, December 19, 2003 5:00 AM Subject: RE: Disallowing RTVCMDSRC > Will he still be able to see variable values? > Probably doesn't matter, the program called was written by his brother, > takes the user id and password and records them into a ftp script in > qtemp, runs the ftp script and then deletes itself. > In general I trust these fellows. Just trying to be a good corporate > citizen and not leave anything in the clear. > > Rob Berendt > -- > "All creatures will make merry... under pain of death." > -Ming the Merciless (Flash Gordon) > > > > > Joe Giusto <jgiusto@xxxxxxxxxxxxxx> > Sent by: midrange-l-bounces@xxxxxxxxxxxx > 12/18/2003 07:36 PM > Please respond to > Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx> > > > To > Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx> > cc > > Fax to > > Subject > RE: Disallowing RTVCMDSRC > > > > > > > Make the source type CLLE and compile (thru PDM) with option 14. F4 to > prompt, F10 for additional parms, pagedown and on the 'Debugging view' > parm > put *none. Then when doing strdbg, he will see only (Source not > available.) > > Joe Giusto II > Programmer/Analyst > Ritz Camera > Beltsville, MD > 301-479-3347 > > -----Original Message----- > From: rob@xxxxxxxxx [mailto:rob@xxxxxxxxx] > Sent: Thursday, December 18, 2003 4:15 PM > To: MIDRANGE-L@xxxxxxxxxxxx > Subject: Disallowing RTVCMDSRC > > > Due to the extremely weak security on our development machine, and the > lack of permission to do anything about it, I kept the source off the > system and thought I was being clever. Well, the newest programmer, (who > was working as an engineer at a different company before starting here and > > we just hired him as a programmer because he had the right aptitude and > his brother and dad are good) figured out how to use RTVCMDSRC to > decompile it. (He wanted to change the size of the password and user id > fields.) Granted, even if I could figure out how to create this command > so that RTVCMDSRC didn't work he'd figure it out (debug the CL program > called - he told me this, dang these new guys are clever) I'd still like > to do this if possible. Is there some option on CRTCMD that would work? > > Rob Berendt > -- > "All creatures will make merry... under pain of death." > -Ming the Merciless (Flash Gordon) > > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing > list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > > > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@xxxxxxxxxxxx > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/mailman/listinfo/midrange-l > or email: MIDRANGE-L-request@xxxxxxxxxxxx > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > > _______________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l. _______________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.