× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2008

RE: Anti-virus for i5OS

I can't speak for everything, but I have installed TAATOOL and AJS
without using QSECOFR. Also PowerTech, Domino, WebSphere, MQ Series,
Content Manager, Cybermation ESP and many others. I only remember one
thing that truly required use of the QSECOFR profile, but I didn't end
up installing that (for that reason) and it's been so long ago that I
don't remember what it was.

I don't understand how you got CHGUSRPRF2 and CPYUSRPRF2 to work, among
others in TAATOOL.

With a change management system, and multiple versions of BPCS running
(4.05CD to LX), I would be faced with the content management software
having to match multiple, independent owners in addition to our own in
house menu system. By the time I've made the CMS profile a member of all
those groups, I hardly care about QSECOFR anymore. The keys to the
kingdom are already given away within the software. If a programmer wants
to write a check to themselves within the system, I'll assume that they'll
do it in the ERP package than monkeying with registered exit points or
modifying IBM objects. A lot easier to let the software do it's job and
grant authorities/ownership based on reference objects in the libraries
being loaded, and not necessarily any greater of a security risk
(depending on the CMS configuration and usage).

When I referred to the O/S, I was referring to the base O/S, in which
you have no choice because you have no other profiles available to use.
LPPs are not technically O/S.

So you would want 5722XE1, iSeries Access for Windows installed under a
profile other than QSECOFR? The same thing for Query Manager and TCP/IP
connectivity Utilities? Seems way overboard to me.

In most cases users and applications request far more authority than is
required to do the job. It doesn't help that we work on a secure system
if we pay no attention to or disable the built-in security.

I certainly agree with this.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.