Buck,

I agree with your statement, but unfortunately I hadn't designed the
original application, I was just maintaining it.  It would have been a
nightmare trying to get adopted authority on the programs, and my users,
and boss, would have screamed bloody murder.

This was a company that when I got there about 1/4 of the users had
*ALLOBJ authority (about 15 users).

The main thing I was securing against was against PC and network users.

Unfortunately, most of the security on this system was the standard
security by obscurity, which I was slowly getting rid of when I had
the free time.

I was the only real computer literate person there, which helped a bit.

Regards,

Jim Langston
Programmer/Analyst
Cels Enterprises, Inc.

-----Original Message-----
From: security400-admin@midrange.com
[mailto:security400-admin@midrange.com]On Behalf Of Buck Calabro
Sent: Wednesday, August 22, 2001 8:37 AM
To: security400@midrange.com
Subject: RE: [Security400] Authority annoyances, continued...


>Didn't have STRSQL on that box

Every box has STRQMQRY, which easily translates into command line SQL
access.  Every box has ReXX.  Every box has DSPPFM!  Looking at installed
program products isn't enough, because there are too many ways to get at data.
Failing to secure the file against read/update will allow all sorts of
access by... curious programmers and users.




This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].