× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Bingo, the registry part is what I was trying to remember. Good recap on
the basic security approach.
=====================
Tom Kreimer
Network Manager
Buckhorn Inc, Milford OH



See link below for the direct answer to your question.

Still boils down to:

* Start with user security.
* * default passwords, not signed on in awhile, etc

* Resource security
* * Why let everyone have *ALLOBJ, or why let everyone have all the
capability that EDTOBJAUT can give them?
* * Consider an "Application Only" access in which the user has no
authority to the data. They can only get to it via programs that adopt
authority.

* Exit point security.
* * Should not be considered as a replacement for 2 and 3 but as
additional gates.

* 5250 security
* * See how low down the list this is? Alas, this is where many people
start and end.
* * Consider "Limit Capabilities".
* * Custom menus to not tempt them into options they shouldn't have access

to.

* A patchwork of command security.
* * This is where people secure stuff like WRKQRY or STRSQL but forget
stuff like DBU, UPDDTA, iNav's ability to edit tables, using Excel to
update tables, etc. Once again, see Resource security to secure your
data.

http://tinyurl.com/a58bp5
or
http://publib.boulder.ibm.com/infocenter/systems/scope/i5os/topic/rzaj3/rzaj3security.htm?tocNode=%74%6f%63%3a%72%7a%61%68%67%2f%69%35%6f%73%2f%33%2f%32%2f%34%2f%32%2f%37%2f


Application Administration as a security tool
Do not use Application Administration as a security tool.

Application Administration was designed for customizing the functions
available on your client PC. You should not use Application Administration

for administering security on your client PC for these reasons:

Application Administration uses the Windows® registry to cache
restrictions on the client PC. A skilled user who is restricted from a
function by Application Administration could obtain access to the function

by editing the registry.

If multiple interfaces exist to the same resource, restricting a single
interface through Application Administration does not restrict the other
interfaces to the same resource. For example, you can restrict a user from

accessing the database function of System i? Navigator through Application

Administration. However, the user can still access database files by using

other database interfaces, such as Open Database Connectivity (ODBC) or
database control language (CL) commands.



Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.