QSECURITY

360 pts.
Tags:
iSeries
iSeries applications
iSeries Cobol programming
iSeries data center
iSeries RPG programming
Hi, I would like to know if there is a security loophole on QSECURITY 30? What is the difference of QSECURITY 30 and 40? Thank you. JL

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 9  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    I would like to know if there is a security loophole on QSECURITY 30? "Loophole"? I don't know if I'd say it that way. Programmers on QSECURITY=30 can access elements of the system that need to be restricted at many sites. Each QSECURITY level tightens restrictions more. What is the difference of QSECURITY 30 and 40? As the help text says, the difference is that level 40 adds this restriction:
    • Programs fail if they try to access objects through interfaces that are not supported.
    Various MI functions are blocked at 40 that are unblocked at 30. Programs must use appropriate IBM APIs in place of blocked MI functions. It doesn't matter if the programs are created on the system or restored from a different system. The restricted functions are blocked at run-time. Tom
    125,585 pointsBadges:
    report
  • Jedlasquite
    thanks Tom
    360 pointsBadges:
    report
  • Jedlasquite
    By the way what is MI?
    360 pointsBadges:
    report
  • TomLiotta
    what is MI? A basic answer is "Machine Interface" or maybe better is TIMI or "Technology-Independent Machine Interface". The AS/400 operating system doesn't exactly run on any real machine or hardware. It runs on top of a 'machine interface', a kind of microcode layer that presents a set of 'machine instructions' that look pretty much the same no matter what hardware is actually underneath everything. It's kind of like how java manages to run on so many different systems without needing to change the java instructions. Many MI functions are exposed for use to ILE programs. You can also write MI programs and use a kind of assembler API to compile them. Exactly how deep you can go down into things is part of what QSECURITY helps to control. Tom
    125,585 pointsBadges:
    report
  • rajeshece
    Eg : If you want to create User Space in your system, QSECURITY Value should be 40. It will restrict us to do some operation
    1,215 pointsBadges:
    report
  • jinteik
    yeah with level 40 it will surely it will be tighter security and if an id that has special authority, u will need your own session name
    17,600 pointsBadges:
    report
  • TomLiotta
    If you want to create User Space in your system, QSECURITY Value should be 40. A user space (*USRSPC object) can be created at any QSECURITY level. The QALWUSRDMN system value can restrict which libraries may contain *USRSPC (or any user domain *USRxxx) objects. Tom
    125,585 pointsBadges:
    report
  • Jedlasquite
    thank you for the inputs. just to add Assuming if I were to toggle the QSECURITY value to 40 and most of our programs and interfaces fails, would I fix it by reverting back to QSECURITY value to 30 without restarting server and services? Also, in QAUDLVL, can I add *AUTFAIL and *PGMFAIL even if my audit journal is already running? Will it take effect immediately? Thanks
    360 pointsBadges:
    report
  • TomLiotta
    ...in QAUDLVL, can I add *AUTFAIL and *PGMFAIL even if my audit journal is already running? Will it take effect immediately? The audit levels can be changed at any time. The 'help' text for QAUDLVL includes:
    • A change to this system value takes effect immediately for all jobs running on the system.
    ...if I were to toggle the QSECURITY value to 40 and most of our programs and interfaces fails, would I fix it by reverting back to QSECURITY value to 30 without restarting server and services? QSECURITY is necessarily more intrusive than QAUDLVL and other system values. Higher restrictions cause different system components to be loaded/initialized when the system starts up. Therefore, as the 'help' for QSECURITY states:
    • A change to this system value takes effect at the next IPL.
    Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following