|
Shannon, > I did not notice that the length of the passWord is also required now. > That sucks. I don't think IBM ever breaks an existing public API lightly (unlike another OS vendor who shall remain nameless...). But in this case, it appears the change was very intentional and was specifically changed in order to thwart a possible exploit described by Scott. IBM takes security very seriously (again, unlike another OS vendor who shall remain nameless, or at least they didn't used to...), and faced with a choice of keeping compatibility and the exploit working, or closing the exploit by requiring relatively minor changes to user programs, they chose what seems to me to be the only logical alternative. But they also documented the change in the Memo to Users. Reading that is part of your release update planning, isn't it? Why do you think they bother to write the Memo to Users? In terms of James' question "What was IBM thinking?!?", the answer appears to be security. But I also don't fault IBM for being vague and not spelling out the exact exploit, since this change only closes it for V5R3 users. Given the circumstances, do you really think it would be better to leave the API the way it worked in the past? Doug
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.