× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



well, WRKACTJOB is just an example I used.  If user can call qcmdexc, the 
LMTCPB is pretty much useless and to look thru and secure all the ibm commands 
is not an easy task.  sooo, The next question would probably be:  why not just 
secure the call command or qcmdexc program.  Well, having some problems with it 
at the moment.  These two objects are so commonly use that some other problems 
are popping up when securing them.  oh, well, its a fun day.





-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of CWilt@xxxxxxxxxxxx
Sent: Tuesday, November 16, 2004 9:57 AM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: security hole in interactive sql call statement?


If the IBM defaults are not good enough for you, then that is your only
option.

IBM ships WRKACTJOB with PUBLIC *USE.

You apparently don't want everybody to be able to use it, so you're only
choice is to change it and any similar command to PUBLIC *EXCLUDE.

Of course, this begs the question...why do you think the public shouldn't be
allowed to use WRKACTJOB?

The IBM defaults should be plenty secure enough for 99.9% of the shops out
there.

Charles Wilt
iSeries Systems Administrator / Developer
Mitsubishi Electric Automotive America
ph: 513-573-4343
fax: 513-398-1121
 

> -----Original Message-----
> From: Lim Hock-Chai [mailto:Lim.Hock-Chai@xxxxxxxx]
> Sent: Tuesday, November 16, 2004 10:07 AM
> To: Midrange Systems Technical Discussion
> Subject: RE: security hole in interactive sql call statement?
> 
> 
> are you suggesting putting security on all ibm commands?  
> doesn't sound like a simple task.  Any suggestion on how to 
> implementer this?  
> 
> 
> 
> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx
> [mailto:midrange-l-bounces@xxxxxxxxxxxx]On Behalf Of 
> CWilt@xxxxxxxxxxxx
> Sent: Tuesday, November 16, 2004 8:58 AM
> To: midrange-l@xxxxxxxxxxxx
> Subject: RE: security hole in interactive sql call statement?
> 
> 
> If your programmers shouldn't be allowed to do a WRKACTJOB, then they
> shouldn't have authority to the WRKACTJOB command.
> 
> HTH,
> Charles
> 
> --
> This is the Midrange Systems Technical Discussion 
> (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
> 
> --
> This is the Midrange Systems Technical Discussion 
> (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
> 
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.