Forum: Security

Robert, That is too bad. We are not used to this sort of unfriendly abuse in the AS/400 world. Did IBM point you to their PTFs that allow you to...

Is there any 3rd party software - that audits users, as far as jobs ran, jobs printed, sign in and out - Ect.

There was a pretty good article about IFS authority in "the other magazine" in March 2000 (article ID 6155 at as400network.com). There was also a...

Hi, I'm implementing an HTTP server which will control access using digital certificates furnished from a smartcard device at the browser. Since it...

Can the IFS be forced to use the DTAAUT(*INDIR) and OBJAUT(*INDIR) keywords on FTP uploads? The software package I use uploads files to the IFS using...

In the UNIX world there is a 'htaccess' command that will force a web browser to prompt for a user ID, and password, when a browser requests access...

Use DSPPGM and look at the 'user profile' and 'use adopted authority' items. Scott Mildenberger

Don, I would start by restricting the command line and setting your users' profiles to limit capabilities *YES. This is pretty simple. The hard part...

There are several things that you should be aware of....and this is only a partial list... 1) make sure all of the IBM default user ID's (QSECOFR,...

I have multiple IP subnets in my network - one for each department. I would like each department to see a different signon screen and sign into a...

I want clients to FTP their data to our AS/400 versus cutting tapes. Are there encryption products out there for the AS/400? I found one, but it is...

I recently implemented as a security precaution, a change to 95% of my user profiles. The remaining 5% I do not want changed because of various...

I have setup a folder (FOLDER) in the ROOT directory and given it a group profile of GROUP. I have given GROUP every possible authority and...

Hi everyone, While I know that there should be absoultely as few profiles on a system with *allobj authority (ok, none), just for curiosity's sake,...

Are there any significant security changes from V4R4 to V4R5? If so, is there any documentation on-loine that I can reference? Chris Stafford

A client on our AS/400 requires a production ID set up with extra security to allow the programmers to do some things they cannot do with their own...

I am setting up security on a new AS/400. I don't want to give our programmers *ALLOBJ authority like they have on our other AS/400s. I know this is...

During an audit I found out that at least two persons are working with the original QSECOFR profile. I allways had the opinion, that 1. the profiles...