|
There's a great manual that IBM ships (at least through V4R5!) called "Tips and Tools for Securing your AS/400". Everyone should read this manual. Phil > -----Original Message----- > From: owner-rpg400-l@midrange.com [mailto:owner-rpg400-l@midrange.com]On > Behalf Of Chris Rehm > Sent: Thursday, July 26, 2001 3:03 PM > To: RPG400-L@midrange.com > Subject: Re: Programing Question/Authority... > > > Informal show of hands: How many read and apply such practices? Just > curious. I have been in some big shops where this stuff wasn't practiced. > > When I worked in Las Vegas as a software vendor that was responsible for > maintaining our software on the sites of our customers and those customers > gave us network attachment, I used to use some pretty basic > tricks to get to > do what I wanted/needed. I never abused this to mess with data > that I wasn't > responsible for, but I knew that I could. > > I know that it is possible to be extremely secure on an AS/400. I am often > impressed how far the system has gone with even basic standard practices. > > Maybe things are maturing, but I once walked into a Las Vegas > property where > I happened to be going to dinner and noticed a 400 sign on. I discovered > that not all the IBM supplied IDs had been changed. > > Oops, I guess I'm getting awful far afield. But anyway, granting *owner > authority does make sense at times but I think it really needs to > be thought > out and should be audited. > > Chris Rehm > javadisciple@earthlink.net > If you believe that the best technology wins the > marketplace, you haven't been paying attention. > > > ----- Original Message ----- > From: "alan shore" <SHOREA@dime.com> > To: <RPG400-L@midrange.com> > Sent: Thursday, July 26, 2001 11:13 AM > Subject: Re: Programing Question/Authority... > > > > If you read the IBM security reference manual, there are ways to capture > this (plus other) information, already available at NO cost (except > development time). > > > > >>> <rob@dekko.com> 07/26/01 01:05PM >>> > > > > Chris, > > > > <snip> QSECOFR should be generating a report on objects with *owner > > authority and an eye should be kept on how > > they work. > > <endsnip> > > > > Many of the security tools will do some of this work for you. > - report on > > objects with *owner authority. An example is PentaSafe. How they work, > > may be a separate issue. > > > > > > > > > +--- > | This is the RPG/400 Mailing List! > | To submit a new message, send your mail to RPG400-L@midrange.com. > | To subscribe to this list send email to RPG400-L-SUB@midrange.com. > | To unsubscribe from this list send email to RPG400-L-UNSUB@midrange.com. > | Questions should be directed to the list owner/operator: > david@midrange.com > +--- > _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com +--- | This is the RPG/400 Mailing List! | To submit a new message, send your mail to RPG400-L@midrange.com. | To subscribe to this list send email to RPG400-L-SUB@midrange.com. | To unsubscribe from this list send email to RPG400-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
