Re: IBM i for Wintel Hackers - Silent Signal TROOPERS24 Presentation -- MIDRANGE-L

AGREE

--opinion - Using all available existing security tools, properly implemented, the demonstrated hack would be very difficult to pull off.

Gavin

On 9/18/2024 1:13 PM, mlazarus wrote:
I'm going to be a contrarian here. I think that, other than a few unique situations, it's not good advice to have to qualify all your objects. The *LIBL is a wonderful feature that is unmatched on Unix and Windows platforms. The path environment variable is a poor substitute.

The alternative is to have a proper authority scheme on your objects. Carol Woodbury, Steve Pitcher and others have given many seminars and webinars on how to do that.

-mark

On 9/18/2024 11:44 AM, Mark Waterbury wrote:

Hi, Rob,

Short answer -- not all of the IBM objects of concern are in QSYS, QSYS2, QHLPSYS or QUSRSYS.

Mark

On Wednesday, September 18, 2024 at 10:34:50 AM EDT, Rob Berendt<robertowenberendt@xxxxxxxxx> wrote:
If it is primarily for IBM type library objects,
and you have system value QSYSLIBL set sanely,
how do they get something higher in the library list?

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.