I think it's great to disable user profiles upon bad signon's.
Users can't generate a list of users? True. But they can generate a list of user message queues. They have to be able to. If they don't have access to the message queues then they can't send them a message.
So you generate a list of message queues like this
WRKOBJ OBJ(QUSRSYS/*ALL) OBJTYPE(*MSGQ)
Oh? You secured them from the command line? Simple to work around. They can download any number of tools to do this:

select objname
from table(OBJECT_STATISTICS('QUSRSYS', '*MSGQ')) x;

Then you just try signing on each one of those until they are disabled.
Soon, you've disabled every user on the system.
Great denial of service attack.

Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.