Buck, I agree with your statement, but unfortunately I hadn't designed the original application, I was just maintaining it. It would of been a nightmare trying to get adopted authority on the programs, and my users, and boss, would of screamed bloody murder. This was a company that when I got there about 1/4 of the users had *ALLOBJ authority (about 15 users). The main thing I was securing against was against PC and network users. Unfortunately, most of the security on this system was the standard security by obscurity, which I was slowing getting rid of when I had the free time. I was the only real computer literate person there, which helped a bit. Regards, Jim Langston Programmer/Analyst Cels Enterprises, Inc. -----Original Message----- From: email@example.com [mailto:firstname.lastname@example.org]On Behalf Of Buck Calabro Sent: Wednesday, August 22, 2001 8:37 AM To: email@example.com Subject: RE: [Security400] Authority annoyances, continued... >Didn't have STRSQL on that box Every box has STRQMQRY, which easily translates into command line SQL access. Every box has ReXX. Every box has DSPPFM! Looking at installed program products isn't enough, because there's too many ways to get at data. Failing to secure the file against read/update will allow all sorts of access by... curious programmers and users.
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.