× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2021

RE: IBM i security question

Checked Limited capabilities User Signon with QCMD as a Program/procedure
at the Signon screen.
Got CPF1121 Initial program or procedure cannot be specified

Gad



date: Wed, 23 Jun 2021 19:41:22 +0000
from: Rob Berendt <rob@xxxxxxxxx>
subject: RE: IBM i security question

Yes, a clever user, who does not have LMTCPB(*YES), can type in QCMD on
the initial program and bypass the initial program assigned to their user
id.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
stefan@xxxxxxxxxx
Sent: Wednesday, June 23, 2021 3:30 PM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxxxxxxxx

Subject: RE: IBM i security question

CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know
the content is safe.


They all are *MENU objects (INLMNU)

To my understanding the INLPGM/INLMNU is only secured as long a you protect
those fields on the signon screen -. Otherwise a clever user may use QCMD
as
a Program/Procedure on the signon screen and bypass the intended
restriction. In general I use signon screens with protected fields for that
reason.

Best regards

Stefan

--
No trees were killed in the sending of this message, but a large number of
electrons were terribly upset.

Stefan Tageson
+46 732 369934
stefan@xxxxxxxxxx




As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.