× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  • Subject: RE: Programing Question/Authority...
  • From: "JIM LANGSTON" <JLANGSTON@xxxxxxxxxxx>
  • Date: Thu, 26 Jul 2001 13:08:10 -0700
  • Importance: Normal

At my last position where I was responsible for the AS/400 totally, I went
though that book, "Tips
and Tools for Securing your AS/400" step by step and checked the security on
my AS/400, fixing some things that weren't right, mostly having to do with
default passwords which I either changed or *disabled the account with a
password of *NONE.

I also ran the step for checking for adopted authority and found something
like 2 programs on the entire system that adopted authority.  I think it is
extremly worthwhile to go through that book.

But, as you mention, this was a small shop, so maybe you're right that it's
not practiced in larger shops.

Regards,

Jim Langston

-----Original Message-----
From: owner-rpg400-l@midrange.com [mailto:owner-rpg400-l@midrange.com]On
Behalf Of Chris Rehm
Sent: Thursday, July 26, 2001 12:03 PM
To: RPG400-L@midrange.com
Subject: Re: Programing Question/Authority...


Informal show of hands: How many read and apply such practices? Just
curious. I have been in some big shops where this stuff wasn't practiced.

When I worked in Las Vegas as a software vendor that was responsible for
maintaining our software on the sites of our customers and those customers
gave us network attachment, I used to use some pretty basic tricks to get to
do what I wanted/needed. I never abused this to mess with data that I wasn't
responsible for, but I knew that I could.

I know that it is possible to be extremely secure on an AS/400. I am often
impressed how far the system has gone with even basic standard practices.

Maybe things are maturing, but I once walked into a Las Vegas property where
I happened to be going to dinner and noticed a 400 sign on. I discovered
that not all the IBM supplied IDs had been changed.

Oops, I guess I'm getting awful far afield. But anyway, granting *owner
authority does make sense at times but I think it really needs to be thought
out and should be audited.

Chris Rehm
javadisciple@earthlink.net
If you believe that the best technology wins the
marketplace, you haven't been paying attention.


----- Original Message -----
From: "alan shore" <SHOREA@dime.com>
To: <RPG400-L@midrange.com>
Sent: Thursday, July 26, 2001 11:13 AM
Subject: Re: Programing Question/Authority...


> If you read the IBM security reference manual, there are ways to capture
this (plus other) information, already available at NO cost (except
development time).
>
> >>> <rob@dekko.com> 07/26/01 01:05PM >>>
>
> Chris,
>
> <snip> QSECOFR should be generating a report on objects with *owner
> authority and an eye should be kept on how
> they work.
> <endsnip>
>
> Many of the security tools will do some of this work for you.  - report on
> objects with *owner authority.  An example is PentaSafe.  How they work,
> may be a separate issue.
>
>
>


+---
| This is the RPG/400 Mailing List!
| To submit a new message, send your mail to RPG400-L@midrange.com.
| To subscribe to this list send email to RPG400-L-SUB@midrange.com.
| To unsubscribe from this list send email to RPG400-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator:
david@midrange.com
+---

+---
| This is the RPG/400 Mailing List!
| To submit a new message, send your mail to RPG400-L@midrange.com.
| To subscribe to this list send email to RPG400-L-SUB@midrange.com.
| To unsubscribe from this list send email to RPG400-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.