|
Rob
But by canonization you could doAs someone else already mentioned their Exit point pgm had that vulnerability and I just checked mine. Hmmmmm.
/qsys.lib/mylib.lib/myfile.file/mymbr.mbr/../../payroll.file/payroll.mbr
and get to what you need.
Because, if the exit point followed my poor technique of just checking the left to match with what they are authorized to - they're toast.
Glad to hear I'm not the only one using 'poor technique'.....
Rob BerendtI agree with the rest of your post as well. A LARGE majority of shops I visit have this issue with security. It needs to be addressed one way or the other and properly written exit programs are generally an easier implementation than a security overhaul for large applications. This is especially true when there are more than one or when they came from the vendor with poor security built in. (Jack Henry any one??? Oh but that's just a banking app, no sweat)
- Larry
-- Larry Bolhuis IBM eServer Certified Systems Expert: Vice President iSeries Technical Solutions V5R3 Arbor Solutions, Inc. iSeries LPAR Technical Solutions V5R3 1345 Monroe NW Suite 259 iSeries Linux Technical Solutions V5R3 Grand Rapids, MI 49505 iSeries Windows Integration Technical Solutions V5R3 IBM eServer Certified Systems Specialist (616) 451-2500 iSeries System Administrator for OS/400 V5R3 (616) 451-2571 - Fax AS/400 RPG IV Developer (616) 260-4746 - Cell iSeries System Command Operations V5R2
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
