Take one step back on the holier-than-thou attitude there, Doug.  Not all of us
have gone to V5R3 yet, and therefore have not had any need to read the Memo to
Users for that release yet.



-----Original Message-----
    From: "Douglas Handy"<dhandy@xxxxxxxxx>
    Sent: 9/15/05 9:13:09 AM
    To: "Midrange Systems Technical Discussion"<midrange-l@xxxxxxxxxxxx>
    Subject: Re: WHAT was IBM THINKING?!?!?, Re: QSYGETPH API
    
    Shannon, 
    
    > I did not notice that the length of the password is also required now. 
    > That sucks. 
    
    
    I don't think IBM ever breaks an existing public API lightly (unlike another
    OS vendor who shall remain nameless...). But in this case, it appears the
    change was very intentional and was specifically changed in order to thwart
    a possible exploit described by Scott. IBM takes security very seriously
    (again, unlike another OS vendor who shall remain nameless, or at least they
    didn't used to...), and faced with a choice of keeping compatibility and the
    exploit working, or closing the exploit by requiring relatively minor
    changes to user programs, they chose what seems to me to be the only logical
    alternative.
    
    But they also documented the change in the Memo to Users. Reading that is
    part of your release update planning, isn't it? Why do you think they bother
    to write the Memo to Users?
    
    In terms of James' question "What was IBM thinking?!?", the answer appears
    to be security. But I also don't fault IBM for being vague and not spelling
    out the exact exploit, since this change only closes it for V5R3 users.
    Given the circumstances, do you really think it would be better to leave the
    API the way it worked in the past?
    
    Doug
    -- 
    This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
    To post a message email: MIDRANGE-L@xxxxxxxxxxxx
    To subscribe, unsubscribe, or change list options,
    visit: http://lists.midrange.com/mailman/listinfo/midrange-l
    or email: MIDRANGE-L-request@xxxxxxxxxxxx
    Before posting, please take a moment to review the archives
    at http://archive.midrange.com/midrange-l.
    
    
    



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
