× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. March 2011

RE: QMAXSGNACN

In a previous incarnation I had the system value set to *not* automatically
create devices. However, I discovered that an existing device could be
re-configured from one type (printer) to another (display). I tried many
approaches to preventing this, including excluding QTCP user which creates
devices. I submitted a PMR and got back the eventual response that this was
working as designed. Submitted a DCR, natch. Basic response was, we'll
think about it, but looks like it would break other things.

Jerry C. Adams
IBM i Programmer/Analyst
"If Dwarf-tossing Is Outlawed, Only Criminals Will Toss Dwarfs: Is
Dwarf-tossing A Victimless Crime?" - Paper in The American Journal of
Jurisprudence(1993) by Robert W. McGee
--
A&K Wholesale
Murfreesboro, TN
615-867-5070


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Charles Wilt
Sent: Wednesday, March 23, 2011 12:38 PM
To: Midrange Systems Technical Discussion
Subject: Re: QMAXSGNACN

Rob, I don't see how disable device would have any effect unless
you're not auto creating virtual devices...

If you aren't auto creating virtual devices, then I don't see a
concern with disabling both....

A user would have to not only keep switching profiles but switch
workstations also...

Charles

On Wed, Mar 23, 2011 at 1:13 PM, <rob@xxxxxxxxx> wrote:
We had "yet another security audit".  This time we are getting dinged
because we have QMAXSGNACN sent to 1=Disable device.  It is recommended
that we use 3=Disable device and profile.  Their concern is that someone
could mount a Denial Of Service attack on us and disable all of our
virtual devices.  My thought is, that if I set it to disable user profiles
wouldn't that just expand the DOS attack to include user profiles also?
Let's see, sign on 3 times and disable QSECOFR, then try QSYSOPR and
several others.  Granted, you could use this to recover QSECOFR (which is
quite drastic)

http://publib.boulder.ibm.com/infocenter/iseries/v6r1m0/topic/rzamh/rzamhrec
over.htm
or you could sign on as someone else with that level of authority and
reset it there.

Anyone with command line access can do a
wrkobj qusrsys/*all *msgq
and get a list of all your user profiles.  I just signed on as this user
crtusrprf dummy
and was able to perform that.  (Please do not take offense at the user
name - it's just a habit of mine.  The operator knows to kill it on
sight.)

Rob Berendt
--
Group Dekko
Dept 1600
Mail to:  2505 Dekko Drive
         Garrett, IN 46738
Ship to:  Dock 108
         6928N 400E
         Kendallville, IN 46755
http://www.dekko.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.