To anyone paying attention:

I better correct this before everyone starts wondering what this thread is 
about. I originally used "*SAVRST" but meant "*SAVSYS". Guess I was still 
thinking of Evan's term "save/restore".

Tom Liotta

On Wed, 12 December 2001, "John Earl" wrote:

> *SAVRST special authority can also negate *EXCLUDE access to
> private objects that you do not want read.  A user with *SAVRST
> is not prevented from viewing the contents of an object (sure,
> there is a hoop or two to jump through, but it can be done).  It
> might be viewed as *ALLREAD special authority.
> ----- Original Message -----
> From: Evan Harris <spanner@ihug.co.nz>
> >
> > Securing the restore commands is a great way to prevent
> unauthorised
> > production deployments -
> > especially when you have hostile programmers on your site :)
> >
> > Nothing focuses the mind on locking things down like having a
> group of
> > people intent on breaking the rules !
> >
> > >On Fri, 07 December 2001, Evan Harris wrote:
> > >
> > > > I hate the idea that a password that has save/restore
> capability ends up in
> > > > a script, no matter how short the time frame.
> > >
> > >I'm glad this was mentioned. *SAVRST is dangerous, granting
> the ability to
> > >bring an AS/400 down (for all practical purposes) in a few
> seconds. Few
> > >sites control it unfortunately.

--
Tom Liotta
The PowerTech Group, Inc.
19426 68th Avenue South
Kent, WA 98032
Phone  253-872-7788
Fax  253-872-7904
http://www.400Security.com


___________________________________________________
The ALL NEW CS2000 from CompuServe
 Better!  Faster! More Powerful!
 250 FREE hours! Sign-on Now!
 http://www.compuserve.com/trycsrv/cs2000/webmail/






As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.