× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2006

Re: Application administration for security control?

James,

It's a defense-in-depth issue.  Yes IBM has a very strong point.  The 
first defense in configuring security on your data is to secure the data 
properly with object level authority.  If a person does not need access to 
a database then secure them out of it.  However, if your application is a 
legacy application, or is written by people with a legacy frame of mind, 
then they probably wrote their 5250 based programs with the assumption 
that the users will have *ALL object authority on the files.  They 
probably did NOT write their programs with an "application only" frame of 
mind.  An application only frame of mind says that the users will have no 
access to the data.  They will only have use access to the programs.  And 
the programs will adopt the necessary authority to get to the data.
Ok, so now the barn door has been left open.  Now the users can get to the 
data any way they want to.  Assuming the 5250 based programs do not allow 
them access to a command line and do a reasonable job - in that 
environment - yet ignored other environments, then it is up to you to use 
Application Administration or a solution from an Exit Point Security 
Vendor to lock up the myriad other ways they can get to the data.

If you really study Application Administration, I fail to see how a 
windows registry patch can get them in.  You configure Application 
Administration from your PC.  And it will affect that user from regardless 
which PC he logs into.

I've personally written some exit points.  There's no way a windows 
registry patch is getting past those.

Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.