> Here's a quick example of where O/S security crosses application security.
>
> We run JDE world, and adopt a similar security model to the IBM recommended
> one - i.e. adopted security and lock everything else down. While this
> provides good security on a day to day basis, there are always loopholes.
> JDE provides the option to set up menus which call OS/400 commands. As the
> user has adopted authority by now, they have full access to the OS
> commands, unless they're locked out of application security.

Many times we see JD Edwards applications that have the JDE profile own everything, be the group profile for everyone, and have *ALLOBJ authority. This is a recipe for disaster. If (when!) the end user gets either command line access or access to the database from the outside (ODBC, FTP, etc.) they are going to have *ALLOBJ authority to everything on the system.

JD Edwards seems like the poster application for why you do not want to rely on menu security. JDE has the best menu security system I have ever seen. But that's a bit like having the best typewriter in a room full of laptops. It just doesn't matter anymore.

jte

BTW, they have a knowledge garden document that explains how to move your JD Edwards application to Application Only Access. If you run a JDE shop, you should have a look at it.

--
John Earl - VP & CTO
The Powertech Group
253-872-7788
johnearl@powertechgroup.com
www.powertechgroup.com
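The group-profile inheritance described in the message above can be audited from a profile listing. This is an added example, not part of the original post: the profile names and data are constructed, and the field names simply mirror the SPCAUT, GRPPRF and SUPGRPPRF values a profile listing reports.

```python
# Added example: constructed profile data, not taken from any real system.
# Fields mirror a user profile's special authorities (SPCAUT), group
# profile (GRPPRF) and supplemental groups (SUPGRPPRF).
from dataclasses import dataclass, field


@dataclass
class Profile:
    name: str
    spcaut: set = field(default_factory=set)
    grpprf: str = "*NONE"
    supgrpprf: list = field(default_factory=list)


def effective_spcaut(name, profiles):
    """Special authorities available to `name`: its own plus those of
    its group profile and supplemental groups."""
    p = profiles[name]
    result = set(p.spcaut)
    for g in [p.grpprf, *p.supgrpprf]:
        if g != "*NONE" and g in profiles:
            result |= profiles[g].spcaut
    return result


def inherited_allobj(profiles):
    """Users who do not hold *ALLOBJ themselves but get it from a group."""
    findings = {}
    for name, p in profiles.items():
        if "*ALLOBJ" in p.spcaut:
            continue  # held directly; a separate finding
        sources = [g for g in [p.grpprf, *p.supgrpprf]
                   if g in profiles and "*ALLOBJ" in profiles[g].spcaut]
        if sources:
            findings[name] = sources
    return findings


# Constructed sample: an application owner profile used as everyone's group.
SAMPLE = {p.name: p for p in [
    Profile("JDE", {"*ALLOBJ", "*JOBCTL"}),
    Profile("APCLERK", set(), "JDE"),
    Profile("GLUSER", set(), "FINGRP", ["JDE"]),
    Profile("FINGRP"),
    Profile("AUDITOR", {"*AUDIT"}),
]}

if __name__ == "__main__":
    for user, groups in sorted(inherited_allobj(SAMPLE).items()):
        print(f"{user}: *ALLOBJ inherited from {', '.join(groups)}")
```

Every profile it reports carries *ALLOBJ into any interface that bypasses the menus, which is the exposure the message describes.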
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].