Re: Losing Authority to a file in Batch

["Jim Franz" <franz400@xxxxxxxxxxxx>]

> Yes - a big difference.
The point I was making (very poorly I guess) is that
called programs with *owner auth can be a security hazard if
they can be called at will by something like rmtcmd.
At that point, whether it's the dltf command or the *owner pgm
that does the same dltf (without some serious edits), ends in
the same result. The "and
_within_the_context_of_that_program's_instructions_"
becomes very important.I think we agree here.
jim

----- Original Message ----- 
From: "John Earl" <john.earl@xxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Monday, January 26, 2004 3:32 PM
Subject: RE: Losing Authority to a file in Batch


> > well.... would it be any diff if C:\>rmtcmd //gdisys call
> > pgmxxx
> > and pgmxxx is compiled to *owner.
>
> Yes - a big difference - pgmxxx typically has a scoped set of work that
> a user can do such as "add a record" or Maintain Customer Info", or some
> such thing. and _within_the_context_of_that_program's_instructions_, the
> user is allowed to read or change data to the referenced files.
>
> Otherwise, at the rmtcmd prompt, the user is authorized to run any
> command that they (or *PUBLIC) is authorized to, and execute that
> command against any file that the user (or *PUBLIC) is authorized to.
> That's a huge difference.
>
> Adopted authority allows you to scope a user's access to a file - the
> scope being the set of instructions that are already compiled into the
> adopted authority program.
>
> jte
>
> --
> John Earl | Chief Technology Officer
> The PowerTech Group
> 19426 68th Ave. S
> Seattle, WA 98032
> (253) 872-7788 ext. 302
> john.earl@xxxxxxxxxxxxx
> www.powertech.com
>