This sounds pretty scary. I've known about adopted authority since the
early days of the AS/400, but profile switching is news to me.

Am I reading this right?  Joe User can sign on with his profile, use some
magic command, and he can become QSECOFR?  With no trace back to Joe
User's profile?

It's not all that scary. You could potentially do that if you knew the password, but then you could log on as qsecofr anyway. The concern, as I see it, is that in order to swap profiles without knowing the password (which is desirable for programmatic use), you need to have *USE authority to the user profile. That can cause some security exposure unless it's handled very intelligently. I really don't think profile swapping is more dangerous than adopting authority. The issues are a little more subtle perhaps, but not all that different. I think if you're going to be using profile swapping, the swapped-to profile should not have more authority than the user. It should just have one specific capability that's needed for a particular job step. Once that part of the job is done, the original user should be restored. If the need for profile swapping is security related, maybe the program that does the swap needs to run with adopted authority. Oh, what tangled webs we weave...


Pete Hall
http://www.pbhall.us
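
The swap-and-restore pattern described in the reply above, as an added CL example that is not part of the original post. It uses the IBM i profile handle APIs QSYGETPH, QWTSETP and QSYRLSPH; the profile XFERUSR and the program APPLIB/XFERSTEP are hypothetical names, and the caller is assumed to hold *USE authority to XFERUSR.

```cl
/* Added example: run one job step under a narrowly scoped profile,  */
/* then always restore the original user. XFERUSR and                */
/* APPLIB/XFERSTEP are hypothetical names.                           */
PGM
  DCL VAR(&ORIGUSR) TYPE(*CHAR) LEN(10) VALUE('*CURRENT')
  DCL VAR(&WORKUSR) TYPE(*CHAR) LEN(10) VALUE('XFERUSR')
  DCL VAR(&NOPWD)   TYPE(*CHAR) LEN(10) VALUE('*NOPWD')
  DCL VAR(&ORIGHDL) TYPE(*CHAR) LEN(12)
  DCL VAR(&WORKHDL) TYPE(*CHAR) LEN(12)
  DCL VAR(&FAILED)  TYPE(*LGL) VALUE('0')

  /* Get a handle for the current user first, so there is always a  */
  /* way back to the original profile.                               */
  CALL PGM(QSYGETPH) PARM(&ORIGUSR &NOPWD &ORIGHDL)

  /* Password-less handle for the target profile. This is the call  */
  /* that requires *USE authority to XFERUSR.                        */
  CALL PGM(QSYGETPH) PARM(&WORKUSR &NOPWD &WORKHDL)
  MONMSG MSGID(CPF0000) EXEC(DO)
    CALL PGM(QSYRLSPH) PARM(&ORIGHDL)
    SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
              MSGDTA('Cannot get profile handle for swap') +
              MSGTYPE(*ESCAPE)
  ENDDO

  /* Swap, run the single job step, and note any failure instead of */
  /* leaving the program while still running as XFERUSR.             */
  CALL PGM(QWTSETP) PARM(&WORKHDL)
  CALL PGM(APPLIB/XFERSTEP)
  MONMSG MSGID(CPF0000) EXEC(CHGVAR VAR(&FAILED) VALUE('1'))

  /* Restore the original user, then release both handles.          */
  CALL PGM(QWTSETP) PARM(&ORIGHDL)
  CALL PGM(QSYRLSPH) PARM(&WORKHDL)
  CALL PGM(QSYRLSPH) PARM(&ORIGHDL)

  IF COND(&FAILED) THEN(SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
              MSGDTA('Job step failed under swapped profile') +
              MSGTYPE(*ESCAPE))
ENDPGM
```

On the traceability question raised in the quoted message: when the QAUDLVL system value includes *SECURITY or *SECVFY, profile swaps are written to the audit journal as PS entries.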




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
