|
>MY job to slip into my spandex.... AAARRRRRRRRRGHHHHHHHHHHHHHH, my eyes, my eyes, I'm blinded! <G> >...will allow a malicious user... Impressive, most of the ones I've seen "may" allow. Basically it's a report of a situation where IF you did this and then you did that and then you did the other thing then you could take control. But regardless of semantics... A properly configured/secured server wouldn't allow the access necessary to take advantage of most of these issues. >I get the idea that this problem might be apocryphal. I said it wasn't "my bug" but I do trust the source and veracity of the bug. >You can't even recreate it using a web interface. Perhaps. My understanding is that it's caused down in the bowels of the query processor, so I would think that it could happen for a batch job too, but perhaps you are correct (I hope you are). But since you bring up the web interface, the vast majority of windows issues aren't exploitable via port 80 either. -Walden ------------ Walden H Leverich III President & CEO Tech Software (516) 627-3800 x11 WaldenL@xxxxxxxxxxxxxxx http://www.TechSoftInc.com Quiquid latine dictum sit altum viditur. (Whatever is said in Latin seems profound.) -----Original Message----- From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Joe Pluta Sent: Thursday, 30 December, 2004 11:50 To: 'Midrange Systems Technical Discussion' Subject: RE: Why NOT the web? > From: Walden H. Leverich Walden, I'll let you have your fun, but there a couple of areas where you simply cross the line. And of course, it's then MY job to slip into my spandex with the big letter "A"--oops, little letter "i"--on the front, and address your brazen foolishness! (Then again, it may be a bit cheeky for a fat guy in spandex to be talking about brazen foolishness...) > John mentioned the "732 reasons not to use .NET" but Rob had a valid > counter, isn't this the same as "integrity ptfs"? Beyond that, if you > want to count apples and apples, don't forget to count WebSphere, Java > and Apache issues in that mix, because you need all that to cover the > .NET universe. I just updated my machine last week. Looking at it now, there are about a dozen "Windows Security Updates" that say that not installing this patch will allow a malicious user to completely take over my machine. There is NOTHING like that on ANY IBM bug I have ever heard, with the possible exception of the passwords being stored in the clear in temporary storage. So, one bug versus dozens or more a month - no, there is no similarity. > How many know > about a "small problem" where you can crash and entire high-end iSeries > by doing a System Request 2 during a query? We're not taking about an > old bug, we're talking about V4R4 to V5R3 problem that isn't PTFd yet. Never had it happen. Haven't been able to do it here, Walden. I get the idea that this problem might be apocryphal. But even if it isn't, it requires physical access to the 5250 terminal. You can't even recreate it using a web interface. Joe -- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-l or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact copyright@midrange.com.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.