Hmmm... it never occurred to me that OVRDSPF DEV(xxx) could be a security
improvement, but I guess it could be :)

Just for kicks one day (this was a year or two ago) I wrote a program that
found all the terminals in the company that weren't signed on. For each one
that wasn't signed on, it displayed a "fake" sign-on screen, and when the
person typed their user-id and password into the screen, it simply sent me
a message with their userid and password.

So, in a way this is also a big security hole. A programmer with somewhat
limited access to the system could create a program that could (potentially)
give him the userid/password of someone with *ALLOBJ authority.

Fun, eh?

On Mon, 18 Dec 2000, Jim Langston wrote:

> Um.. uhh.. wow. This is intriguing. Tell me this then...
>
> Wouldn't it be possible to take a dumb tube and stick it out in an area
> and not sign it on. Then have an RPG program that had the job do an
> Override to this display file write to the screen without waiting for
> a response. All this going on in a never ending batch job. So now I
> have a green screen slide show going on to a device that is not really
> secure, but it's not signed onto the system anyway, so nobody can get
> access that way?
>
> Or even better yet, have it wait for a response now and then. Or allow for
> input into the display file. Then the program could change what it shows
> or whatever depending on what the person enters. There is absolutely no way
> the person can get into the system since it's not signed on. There is no
> interactive session waiting to get a command line too.
>
> Or am I missing something?
>
> Regards,
>
> Jim Langston
>
> Peter Connell wrote:
> >
> > Dan,
> > It just has to be sitting there with the signon display up so that it's not
> > allocated. The issue here is that it must always be available for the batch
> > job. However, the batch pgm still waits for a response when you do an EXFMT
> > so you have to go to the device to press ENTER when the display format
> > magically appears on the device without anyone having signed on.
> >
> > Cheers, Peter

+---
| This is the RPG/400 Mailing List!
| To submit a new message, send your mail to RPG400-L@midrange.com.
| To subscribe to this list send email to RPG400-L-SUB@midrange.com.
| To unsubscribe from this list send email to RPG400-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---