If memory serves me correctly, didn't the SYS38 default objects to public
exclude (or maybe it was just use)?  I seem to remember always having
trouble with object authority when ever we changed employees.  As the new
operator would run jobs during the first week or so, we would have to keep
granting object authority to files as programs blew up.  This was of course
before we learned about the group profiles which eliminated that need once
implemented.  We granted proper authority to the group profiles and then
just started adding profiles to the group when new person came.

Joe Giusto II
Programmer/Analyst
Ritz Camera
Beltsville, MD
301-419-3209 x347
410-813-2812 x347

 -----Original Message-----
From:   security400-admin@midrange.com
[mailto:security400-admin@midrange.com]  On Behalf Of John Earl
Sent:   Wednesday, August 22, 2001 8:04 PM
To:     security400@midrange.com
Subject:        Re: [Security400] Authority annoyances, continued...


<snip>

Now, we sell exit programs, and make our living (in part) off of this
"hole" that was opened up - but I must insist - please, don't blame
IBM.  They didn't do it.  The hole was created by us (you and I ) and
all the other developers and (especially) application vendors that
built our systems to rely on "menu security".  IBM told us not to do
it.  IBM gave us object level security.  We just chose not to use.   I
agree that the /400 world is in a very messy place with respect to
security, I just don't think you can saddle IBM with the blame.

<snip>

jte

--
John Earl - VP & CTO
The Powertech Group
253-872-7788
johnearl@powertechgroup.com
www.powertechgroup.com





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.