Comments on: WRKQRY Security Flaw / Users can Alter/ Replace Data in Production Files http://itknowledgeexchange.techtarget.com/itanswers/wrkqry-security-flaw-users-can-alter-replace-data-in-production-files/ Tue, 21 May 2013 17:44:06 +0000 hourly 1 By: tomliotta http://itknowledgeexchange.techtarget.com/itanswers/wrkqry-security-flaw-users-can-alter-replace-data-in-production-files/#comment-69279 tomliotta Wed, 21 Oct 2009 00:40:13 +0000 #comment-69279 If you’ve given authority to change the file data to the user, they can change it with WRKQRY or UPDDTA or ODBC or RPG or COBOL or CL or REXX or remote commands or… well, just about any tool they can get hold of that’s capable of issuing file updates. The security flaw is not in the tools; it’s in the authority that’s been granted to the users.

If you don’t want a user to change file data, revoke the authority to change the data.

Tom

]]> By: gilly400 http://itknowledgeexchange.techtarget.com/itanswers/wrkqry-security-flaw-users-can-alter-replace-data-in-production-files/#comment-55074 gilly400 Fri, 25 Jul 2008 09:10:23 +0000 #comment-55074 Hi,

Unless the output format is the same as the existing file (which is unlikely from a query), then the only thing they can possibly do is replace the file. If this happens then your application programs are likely to start crashing with level checks, so you’ll know straight away that someone’s done this.

If you have your security set up correctly with authorisations to files ,etc then you shouldn’t get this happening. If you don’t have your security set up right, then your users can probably use all sorts of other ways to modify data they shouldn’t be modifying.

You can always set up a test file and user and show this to your auditor – just to prove the point.

Regards,

Martin Gilbert.

]]>