> Scary is right! From an auditor's viewpoint, the generally recommended best
> practice setting is *FRCSIGNON.

*FRCSIGNON has its own risks, and I don't believe that this is a blanket recommendation from Auditors who understand OS400. If you require every user who connects to your iSeries to go through the DDS signon screen (QDSIGNON) every time they connect, then you guarantee that OS/400 passwords will be sent across your network in clear text. The Client Access signon server will encrypt passwords and compare encrypted values. DDS will likely never be smart enough to do that.

That being said, even if you allow bypass signon you may still be sending clear text passwords if you are using the OS/400 System value QINACTITV to time out inactive sessions. Usually, once you time out a session, you cause the QDSIGNON screen to display once again and run the risk of a plain text password transmission.

jte

--
John Earl johnearl@powertechgroup.com
The Powertech Group www.powertechgroup.com
Kent, Washington, USA +1 253-872-7788
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.