|
> From: rob@xxxxxxxxx > > And what would restrict the public from being able to call the I/O module? > Security-by-obscurity? OS/400 object authority. And since it's only a programmatic interface not designed to be called from a command line, even if a user gets access to a command line they can't just invoke the I/O module. Now, an unscrupulous programmer could indeed write an interface to the I/O module and then grant authority to a production user who could then use it to update data. If that's your concern, then you need one more level of security, wherein the trigger program checks for a valid caller to the I/O module. You also need probably need a better screening process for your developers <grin>. Of course, if you have unscrupulous programmers with access to production data, then you have much larger security problems. This is, however, a good reason to not allow programmers authority to production data <smile>. Anyway, this is pretty basic stuff. I think if you sat down and worked through the issues yourself you'd see how a combination of adopted authority and proper security can completely lock down your data under most normal circumstances. Joe
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
