Phil,

I have run into a few showstoppers with adoption. Triggers, IFS files
and vendor packages are three examples. If you rely on adoption, you may
need to redo your security scheme when you implement an application
change. I have been forced to redo the authority of an application that
relied on adoption when a new OS release ended adoption in an IBM
supplied process. I had a similar experience with a widely-used vendor
package that broke on a new release because it started using a system
function that ended adoption. I have also run into application changes
that failed due to IFS access. 

In your original message you said:

"I would use adopted authority for access through the expected
application interfaces and use proxy commands to limit the use of EDTF
or DFU to well-defined views of the data, then take away the data rights
to the file. The object authority is still checked on the remote server
interfaces. If you need access to the file from one or more remote
servers, you can use exit programs to give you this authority."

I took that to mean that you used adopted authority in your exit program
but it sounds like you are actually swapping or setting the effective
user, which is the approach I use in all cases where I used to use
adoption. There are some other steps you need to take like register
exits to back out the authority to mimic adoption.

You mention remote access users being granted ownership privileges as
the biggest security problem you see with adoption. I frequently see
high power profiles being adopted in poorly implemented programs opening
up all kinds of possibilities. 

--David Morris 


-----Original Message-----
From: security400-bounces@xxxxxxxxxxxx
[mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Phil Ashe
Sent: Thursday, September 07, 2006 12:02 PM
To: Security Administration on the AS400 / iSeries
Subject: Re: [Security400] Commands for Limited Users

David:

<vendor spiel> We implemented capabilities to swap profiles in our
remote server exit programs. We have the ability to increase or decrease
a user's authority to an object. I think this is a common feature from
many exit program providers.

I wasn't aware that adopted authority was outdated. I think it is still
commonly used. I have seen poor implementations of adopted authority,
usually in the one-size-fits-all implementation from some package
vendors. The biggest security problem I continue to see with adopted
authority is allowing the user profile that owns objects to be
accessible by remote servers.

I haven't seen large applications built around adopted authority that
use files outside of QSYS.LIB. I can see problems in this space. 

Phil Ashe


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.