|
date: Wed, 23 Jun 2021 19:41:22 +0000
from: Rob Berendt <rob@xxxxxxxxx>
subject: RE: IBM i security question
Yes, a clever user, who does not have LMTCPB(*YES), can type in QCMD on
the initial program and bypass the initial program assigned to their user
id.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
stefan@xxxxxxxxxx
Sent: Wednesday, June 23, 2021 3:30 PM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxxxxxxxx
Subject: RE: IBM i security question
CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know
the content is safe.
They all are *MENU objects (INLMNU)
To my understanding the INLPGM/INLMNU is only secured as long a you protect
those fields on the signon screen -. Otherwise a clever user may use QCMD
as
a Program/Procedure on the signon screen and bypass the intended
restriction. In general I use signon screens with protected fields for that
reason.
Best regards
Stefan
--
No trees were killed in the sending of this message, but a large number of
electrons were terribly upset.
Stefan Tageson
+46 732 369934
stefan@xxxxxxxxxx
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.