Re: [WDSCI-L] QTEMP in LIBL (Was Re: OVRDBF problem or maybe it is early Alzheimer's

[Ron-Zimmerman@xxxxxxxxxxxxxxx]

When you say "Someone can place a rogue object in the QTEMP and it gets 
found instead of the real object." who are you referring to?  Only the 
current job/user is able to see and work with the QTEMP library for any 
given job, so that would seem to remove the security risk, unless it is 
the current user that is causing the risk.  And in that case, there are 
many other ways that they could do damage easier than messing with QTEMP.

Thank you,
Ronald L. Zimmerman
I.T. Applications Manager
Swiss Valley Farms, Co.      http://www.swissvalley.com
"The Good for You Company"
Email: Ron-Zimmerman@xxxxxxxxxxxxxxx

wdsci-l-bounces@xxxxxxxxxxxx wrote on 07/12/2006 02:26:56 PM:

> > > This brings up a question I have wondered about.
>
> > > I also always thought that QTEMP should be at the top of the user
> portion 
> > > of the library list.  What is the logic for placing it at the end of
> the
> > > list instead of the beginning?
>
> I suspect this discussion should be in Midrange-L but here goes. 
>
> I always thought that it should be at the top too until recently
> discussing issue with my boss and he brought up point that having at the
> top introduces security risks. Someone can place a rogue object in the
> QTEMP and it gets found instead of the real object. 
>
> The solution is to keep the QTEMP in the bottom of the list and to
> always reference the QTEMP explicitly. 
>
>
>
> -- 
> This is the Websphere Development Studio Client for iSeries  (WDSCI-
> L) mailing list
> To post a message email: WDSCI-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/wdsci-l
> or email: WDSCI-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/wdsci-l.