• Subject: RE: AS400 user password
  • From: edfishel@xxxxxxxxxx
  • Date: Mon, 12 Jun 2000 08:33:11 -0500

>Ed -
>
>How does this PTF solve the "password sniffing" problem???
>
>Kenneth

Kenneth,

Subsystem monitor jobs use a single open for each 250 or so display
devices. So for example, if the subsystem supports 600 display devices,
there will be three opens and three input/output buffers. Each buffer is
used for the sign-on screens for only one set of devices.

The fix provided by the PTFs is to blank out the password in the buffer
immediately after it is read into a local variable. The program that does
this already blanked out its local variables when it was done verifying the
users sign-on password.  Not blanking out the password in the input buffer
was an oversight. I will not try to offer an excuse for why the developer
missed this. (I am not that developer.)

Ed Fishel,
IBM Rochester


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.