|
Well, I don't think it is practiced in most small shops either, but I think it was great that you went through those steps. It would be great if that was a documented, regular practice at that site. Whoever is responsible for that machine should take advantage of the security utilities. Chris Rehm javadisciple@earthlink.net If you believe that the best technology wins the marketplace, you haven't been paying attention. ----- Original Message ----- From: "JIM LANGSTON" <JLANGSTON@CELSINC.COM> To: <RPG400-L@midrange.com> Sent: Thursday, July 26, 2001 1:08 PM Subject: RE: Programing Question/Authority... > At my last position where I was responsible for the AS/400 totally, I went > though that book, "Tips > and Tools for Securing your AS/400" step by step and checked the security on > my AS/400, fixing some things that weren't right, mostly having to do with > default passwords which I either changed or *disabled the account with a > password of *NONE. > > I also ran the step for checking for adopted authority and found something > like 2 programs on the entire system that adopted authority. I think it is > extremly worthwhile to go through that book. > > But, as you mention, this was a small shop, so maybe you're right that it's > not practiced in larger shops. > > Regards, > > Jim Langston > > -----Original Message----- > From: owner-rpg400-l@midrange.com [mailto:owner-rpg400-l@midrange.com]On > Behalf Of Chris Rehm > Sent: Thursday, July 26, 2001 12:03 PM > To: RPG400-L@midrange.com > Subject: Re: Programing Question/Authority... > > > Informal show of hands: How many read and apply such practices? Just > curious. I have been in some big shops where this stuff wasn't practiced. > > When I worked in Las Vegas as a software vendor that was responsible for > maintaining our software on the sites of our customers and those customers > gave us network attachment, I used to use some pretty basic tricks to get to > do what I wanted/needed. I never abused this to mess with data that I wasn't > responsible for, but I knew that I could. > > I know that it is possible to be extremely secure on an AS/400. I am often > impressed how far the system has gone with even basic standard practices. > > Maybe things are maturing, but I once walked into a Las Vegas property where > I happened to be going to dinner and noticed a 400 sign on. I discovered > that not all the IBM supplied IDs had been changed. > > Oops, I guess I'm getting awful far afield. But anyway, granting *owner > authority does make sense at times but I think it really needs to be thought > out and should be audited. > > Chris Rehm > javadisciple@earthlink.net > If you believe that the best technology wins the +--- | This is the RPG/400 Mailing List! | To submit a new message, send your mail to RPG400-L@midrange.com. | To subscribe to this list send email to RPG400-L-SUB@midrange.com. | To unsubscribe from this list send email to RPG400-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
