DSPLOG and all security error msg related
Hi, how can I display all the security errors (not authorized, user profile disabled, etc) from the qhst, I know some cpf but not all of them. Thank you guys in advance.
Hi, how can I display all the security errors (not authorized, user profile disabled, etc) from the qhst, I know some cpf but not all of them. Thank you guys in advance.
400 pts.
How is the program data area used in an exit point
When using WRKREGINF, you can register an exit point for a user written program. When defining the exit point, there is a program data area that you can use. How is the program data area used? Can you pass parameters to your exit program via the program data area?
When using WRKREGINF, you can register an exit point for a user written program. When defining the exit point, there is a program data area that you can use. How is the program data area used? Can you pass parameters to your exit program via the program data area?
SQL/400
Hi friends, I have on my System many Users with the userclass *SECOFR, How can I determine only one user to use the command STRSQL ?,
Hi friends, I have on my System many Users with the userclass *SECOFR, How can I determine only one user to use the command STRSQL ?,
Source code review on RPG for regulatory compliance -- resources
We are required by a local regulatory body to perform source code review on RPG programs to identify insecure coding practices, security vulnerability, deficiencies, gaps and mistakes. We have searched through the net to look for tips on how to perform the review, and there does not seem to be...
We are required by a local regulatory body to perform source code review on RPG programs to identify insecure coding practices, security vulnerability, deficiencies, gaps and mistakes. We have searched through the net to look for tips on how to perform the review, and there does not seem to be...
Can anyone provide a list of "Best Practices" or recommended commands to secure from command line users...???
For Security and auditing purposes we need to secure potential harmful commands frok the few profiles which have command line access. I'm looking for a base list of commands or recommended best practices or a starting point / list. All insight is welcome
For Security and auditing purposes we need to secure potential harmful commands frok the few profiles which have command line access. I'm looking for a base list of commands or recommended best practices or a starting point / list. All insight is welcome
Encrypting fields in the AS/400
Greetings, We are required to encrypt credit card fields in the AS/400 files. I am looking for something convenient to encrypt/decrypt field while in the RPG ILE program. Do we need to buy a software? Does As/400 has its own APIs? Please advise. Thanks Gary Liberman
Greetings, We are required to encrypt credit card fields in the AS/400 files. I am looking for something convenient to encrypt/decrypt field while in the RPG ILE program. Do we need to buy a software? Does As/400 has its own APIs? Please advise. Thanks Gary Liberman
Authority Failure Events
Can someone tell me what is "Authority Failure Events" in AS400 security monitoring. How can I solve this problem?
Can someone tell me what is "Authority Failure Events" in AS400 security monitoring. How can I solve this problem?
COGNOS/ AS400
One of our technicians is trying to install COGNOS on a PC with I-series driver asking for username and password. No one in the organization remembers the password. Is there a way to query a physical file? If so which file might that be?
One of our technicians is trying to install COGNOS on a PC with I-series driver asking for username and password. No one in the organization remembers the password. Is there a way to query a physical file? If so which file might that be?
AS400 Security Matters
Just like to check-out with you. If the IBM Supplied user profiles default password is not changed but password set to *NONE, will it be possible that these user profiles be used by login on to the AS400 system, taking into consideration that the QSECOFR and DST are properly controlled?
Just like to check-out with you. If the IBM Supplied user profiles default password is not changed but password set to *NONE, will it be possible that these user profiles be used by login on to the AS400 system, taking into consideration that the QSECOFR and DST are properly controlled?
Resetting the DST QSECOFR password
I am building a Partition as part of a DR test on a 570. The partition I am building is running at V5R3 and I do not remember the DST QSECOFR password. How can I reset this, as I am not on a command line and so cannot use the CHGDSTPWD, and am not using LAN Console so can't use option 65?
I am building a Partition as part of a DR test on a 570. The partition I am building is running at V5R3 and I do not remember the DST QSECOFR password. How can I reset this, as I am not on a command line and so cannot use the CHGDSTPWD, and am not using LAN Console so can't use option 65?
Controlling access to WRKJOBSCDE
Our users need command-line access for a number of commands, but I don't want them to have access to the WRKJOBSCDE command. What is the best way to restrict access to a specific command like this? Thanks in advance...
Our users need command-line access for a number of commands, but I don't want them to have access to the WRKJOBSCDE command. What is the best way to restrict access to a specific command like this? Thanks in advance...
WRKQRY Security Flaw / Users can Alter/ Replace Data in Production Files
Can a user change or replace data, members, or the file itself (a prodcution file in a production lib) using WRKQRY...??? I have an auditor who believes in the "Define the Query" display, 2nd to last option ("Select output type and output form") you can specify 3 in the output type (3 = datafile...
Can a user change or replace data, members, or the file itself (a prodcution file in a production lib) using WRKQRY...??? I have an auditor who believes in the "Define the Query" display, 2nd to last option ("Select output type and output form") you can specify 3 in the output type (3 = datafile...
AS400 Sign on
When you take "Run the same" to open a new session you have to retpe the user id twice on in a window and then on the green screen. Does anyone know of a way to bypass one of the signons? Thanks
When you take "Run the same" to open a new session you have to retpe the user id twice on in a window and then on the green screen. Does anyone know of a way to bypass one of the signons? Thanks
iSeries audit log protection
How are iSeries audit logs protected (e.g., who can access them? Can they be changed?)
How are iSeries audit logs protected (e.g., who can access them? Can they be changed?)
Force user signoff after a time limt (AS/400)
Is there some way to force users to signoff (endjob) after a specified time limit has expired. For example if I have been signed on for more than 8 hours this interactive job should end.
Is there some way to force users to signoff (endjob) after a specified time limit has expired. For example if I have been signed on for more than 8 hours this interactive job should end.
QSECOFR password
Hi, i forgot my qsecofr password.any possiable way to know that password..please help me.. Thanks in advance, Regards, baskar
Hi, i forgot my qsecofr password.any possiable way to know that password..please help me.. Thanks in advance, Regards, baskar
iSeries Object Authority vs. Menu Security
Hello, I am new to iSeries and OS/400. Here is my question: Let's say in a level 30 security environment, user access is controlled through a menu, which does not alow them to access any sensitive objects. But a number of sensitive objects have been assigned *ALL authority for *PUBLIC. Can these...
Hello, I am new to iSeries and OS/400. Here is my question: Let's say in a level 30 security environment, user access is controlled through a menu, which does not alow them to access any sensitive objects. But a number of sensitive objects have been assigned *ALL authority for *PUBLIC. Can these...
How Do I Move From AS400 Security Level 30 To 40?
I have reviewed system values for QAUDLVL and found the we have the appropriate values running. I have reviewed the journals that contain over 3 months of information and determined that we have no AF or J entries. Is this all I need to verify before I recommend that we move to level 40? I have...
I have reviewed system values for QAUDLVL and found the we have the appropriate values running. I have reviewed the journals that contain over 3 months of information and determined that we have no AF or J entries. Is this all I need to verify before I recommend that we move to level 40? I have...
