I think we can all agree when it comes to security, unqualified references to programs is a bad thing.

Thus, the reason IBM itself started qualifying references which broke the old trick customizing IBM
provided objects by CRTDUPOBJ to a library higher in the *LIBL.

Charles Wilt
--
Software Engineer
CINTAS Corporation - IT 92B
513.701.1307

wiltc@xxxxxxxxxx


-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx [mailto:rpg400-l-bounces@xxxxxxxxxxxx]
On Behalf Of David Gibbs
Sent: Friday, August 01, 2008 12:49 PM
To: RPG programming on the AS400 / iSeries
Subject: Re: Security Routines - bind bycopy? (wasRE: Questionabout
serviceprograms)

Walden H. Leverich wrote:
True. But can't I just do an updpgm with a new module to replace yours?
I guess the argument is that I'd need to know the signature which is
easier to know for a srvpgm than an embedded module.

Assuming the service program is not explicitly qualified in the program
(i.e., using library list), putting a new service program higher on the
library list is trivial and the easiest thing to do, imo.

Doing an UPDPGM could work assuming you had the authority. This, however,
would probably leave incriminating tracks.

david



This e-mail transmission contains information that is intended to be confidential and privileged. If you receive this e-mail and you are not a named addressee you are hereby notified that you are not authorized to read, print, retain, copy or disseminate this communication without the consent of the sender and that doing so is prohibited and may be unlawful. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please delete and otherwise erase it and any attachments from your computer system. Your assistance in correcting this error is appreciated.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].