Re: Security Routines - bind bycopy? -- RPG400-L

Subject: Re: Security Routines - bind bycopy?
From: David Gibbs <david@xxxxxxxxxxxx>
Date: Fri, 01 Aug 2008 12:44:49 -0500
List-archive: <http://archive.midrange.com/rpg400-l>
List-help: <mailto:rpg400-l-request@midrange.com?subject=help>
List-id: RPG programming on the AS400 / iSeries <rpg400-l.midrange.com>
List-post: <mailto:rpg400-l@midrange.com>
List-subscribe: <http://lists.midrange.com/mailman/listinfo/rpg400-l>, <mailto:rpg400-l-request@midrange.com?subject=subscribe>
List-unsubscribe: <http://lists.midrange.com/mailman/listinfo/rpg400-l>, <mailto:rpg400-l-request@midrange.com?subject=unsubscribe>

Wilt, Charles wrote:

I think we can all agree when it comes to security, unqualified
references to programs is a bad thing.

There are ways to provide secure access to application functionality without requiring qualified references to programs. This is especially true when it comes to vendor application (which may, or may not, be installed in the same library on every customers system).

And, when it comes down to it, the library list is there for a reason ... being able to put a updated program higher in the library list is darn useful ... especially when you are trying to do problem determination.

If you have a program that adopts higher (or even different) authority than the user normally has, then bind by copy is darn useful.

david

As an Amazon Associate we earn from qualifying purchases.

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.