RE: [Security400] Authority annoyances, continued...

["Joe Giusto II \(E-mail\)" <juicenetdps@xxxxxxxxxxxxxx>]

If memory serves me correctly, didn't the SYS38 default objects to public
exclude (or maybe it was just use)?  I seem to remember always having
trouble with object authority when ever we changed employees.  As the new
operator would run jobs during the first week or so, we would have to keep
granting object authority to files as programs blew up.  This was of course
before we learned about the group profiles which eliminated that need once
implemented.  We granted proper authority to the group profiles and then
just started adding profiles to the group when new person came.

Joe Giusto II
Programmer/Analyst
Ritz Camera
Beltsville, MD
301-419-3209 x347
410-813-2812 x347

 -----Original Message-----
From:   security400-admin@midrange.com
[mailto:security400-admin@midrange.com]  On Behalf Of John Earl
Sent:   Wednesday, August 22, 2001 8:04 PM
To:     security400@midrange.com
Subject:        Re: [Security400] Authority annoyances, continued...


<snip>

Now, we sell exit programs, and make our living (in part) off of this
"hole" that was opened up - but I must insist - please, don't blame
IBM.  They didn't do it.  The hole was created by us (you and I ) and
all the other developers and (especially) application vendors that
built our systems to rely on "menu security".  IBM told us not to do
it.  IBM gave us object level security.  We just chose not to use.   I
agree that the /400 world is in a very messy place with respect to
security, I just don't think you can saddle IBM with the blame.

<snip>

jte

--
John Earl - VP & CTO
The Powertech Group
253-872-7788
johnearl@powertechgroup.com
www.powertechgroup.com