× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. SECURITY400
  3. August 2001

Re: Authority annoyances, continued...

>Hmm.. yes, good ol' ODBC, Client Access and Ops Nav.  Those things
have been a thorn in my side as far as security is concerned.  On
>my old system I got around it simply not using Client Access, we
didn't even have it licensed.  We used Mochasoft for 5250 screen
>emulation.  But, of course, that wasn't to last.  My last company
merged with another company that used Client Access as the
>standard, so it wound up getting installed on my system too.

Oh, Client Access and it's enablers were likely still there, unless
you chose not to even load the CA LPP's on your system.  Even then,
you'd still have plenty of servers that are active and waiting to
service inbound requests.


>You have exit programs you can write, if you have the time to find
out how to write them, and then actually write them. You wind up
>plugging the huge hole IBM opened up.  Instead of being able to
secure it and open up the holes you  secure yourself.

Now, we sell exit programs, and make our living (in part) off of this
"hole" that was opened up - but I must insist - please, don't blame
IBM.  They didn't do it.  The hole was created by us (you and I ) and
all the other developers and (especially) application vendors that
built our systems to rely on "menu security".  IBM told us not to do
it.  IBM gave us object level security.  We just chose not to use.   I
agree that the /400 world is in a very messy place with respect to
security, I just don't think you can saddle IBM with the blame.

>I would of much preferred Client Access to have additional security,
not less.  Especially since most systems at the time had
>security implemented on the program/menu level, not the file level
(hey, if you don't have access to the program, you don't have
>access to the file, right?)
Wrong - even before client access there were always lots of ways to
get at data that didn't require program or menu access.  Client Access
just made it evident and easy for end users.

jte

--
John Earl - VP & CTO
The Powertech Group
253-872-7788
johnearl@powertechgroup.com
www.powertechgroup.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.