rob@xxxxxxxxx wrote:

>Anyone see a security issue with CHGJOBD JOBD(QSYS/QSTRUPJD) 
>USER(GODLIKE)?
>
>What problem am I trying to solve?
>http://archive.midrange.com/midrange-l/200501/msg00665.html

Rob:

I'd say the simple answer is "Yes."

And the simple explanation is that it isn't necessary so why dole out more 
authority than needed? A second program can adopt needed authority and your 
startup profile can be granted authority to call it. Put all writer handling in 
the new program. Insert the CALL into your QSTRUP program.

In fact, you might want to structure your entire QSTRUP program this way. 
There's no requirement that your startup profile must have any significant 
authority other than to be able to run QSTRUP; additional authorities can be 
obtained in a clearly precise manner by grouping like functions in discrete 
programs. Grant authority to run the programs rather than granting authority to 
perform categories of actions.

Plain, old QPGMR can be used and it doesn't need much authority at all. Nor 
should it have significant authority.

Tom Liotta


-- 
Tom Liotta
The PowerTech Group, Inc.
19426 68th Avenue South
Kent, WA 98032
Phone  253-872-7788 x313
Fax    253-872-7904
http://www.powertech.com



__________________________________________________________________
Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register

Netscape. Just the Net You Need.

New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].