|
Buck, I agree with your statement, but unfortunately I hadn't designed the original application, I was just maintaining it. It would of been a nightmare trying to get adopted authority on the programs, and my users, and boss, would of screamed bloody murder. This was a company that when I got there about 1/4 of the users had *ALLOBJ authority (about 15 users). The main thing I was securing against was against PC and network users. Unfortunately, most of the security on this system was the standard security by obscurity, which I was slowing getting rid of when I had the free time. I was the only real computer literate person there, which helped a bit. Regards, Jim Langston Programmer/Analyst Cels Enterprises, Inc. -----Original Message----- From: security400-admin@midrange.com [mailto:security400-admin@midrange.com]On Behalf Of Buck Calabro Sent: Wednesday, August 22, 2001 8:37 AM To: security400@midrange.com Subject: RE: [Security400] Authority annoyances, continued... >Didn't have STRSQL on that box Every box has STRQMQRY, which easily translates into command line SQL access. Every box has ReXX. Every box has DSPPFM! Looking at installed program products isn't enough, because there's too many ways to get at data. Failing to secure the file against read/update will allow all sorts of access by... curious programmers and users.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.