Shalom -

For simplicity I'll concede every one of your points. Now please explain to me why these are iSeries vulnerabilities rather than FTP or LDAP vulnerabilities.

Regards,

Scott Ingvaldson
iSeries System Administrator
GuideOne Insurance Group

-----Original Message-----
date: 17 May 2005 14:30:30 -0000
from: shalom@xxxxxxxxxx
subject: RE: iSeries FTP security

Exploits and vulnerabilities are not necessarily based on buffer overflows and root access.

Imagine that your application is a secure government building. The people working in the building are the application users. Each data file is in a tagged folder that can be declared public, confidential, secret, and top-secret.

Jane works in the building, and can view confidential and secret files (based on the object authority). Jane's record holds the list of confidential files that she is allowed to take out.

The security policy is that public files can be taken out, confidential files must be matched with the user's record to see if they can be taken out, secret and top-secret files must not be removed from the premises.

If Jane takes a secret file, places it inside a confidential folder that she is allowed to take out, and manages to exit without being stopped by the security guard (the ftp exit program), then we have a security vulnerability. The security guard should have verified that the folder matches its contents.

Shalom Carmel

-------------
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].