> i must be missing something.... i don't see the benefit of running
> buldacct out to temporary files...
I guess I'm too paranoid, but I wouldn't want all of the passwords on the
system to be available to everyone
signed on to the system, even for one millisecond.
From experience, helping system administrators chase down and correct
*security issues* after the fact is very time consuming.
The the job/session temporary file domain status of a file provides process
tree local, interim reality, and access to my current sign on.
Mike
----- Original Message -----
From: "donna garverick" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Friday, April 02, 2004 2:19 PM
Subject: Re: [HP3000-L] EOF's on hpuid and command files
> --- Mike Hornsby <[log in to unmask]> wrote:
> > I would strongly recommend adding step #7 as BULDJOB1 will contain
> > clear text passwords for every ACCOUNT, GROUP, and USER.
> > Purge BULDJOB1
> > Purge BULDJOB2
> >
> > IMHO, A better method would be to execute the following prior to
> > running
> > BULDACCT to avoid an accidental security problem:
> > Purge BULDJOB1
> > Purge BULDJOB2
> > file BULDJOB1;temp
> > file BULDJOB2;temp
>
> i must be missing something.... i don't see the benefit of running
> buldacct out to temporary files...
>
> however this does work:
>
> !buldacct '@'
> !altsec buldjob1;access=(r,l,x,w,a:CR)
> !altsec buldjob2;access=(r,l,x,w,a:CR)
>
> this is a snippet from one of my jobs (that runs as manager.sys). both
> files are secure. - d
>
> =====
> Donna Garverick Sr. System Programmer
> dgarverick -at- longs -dot- com
> 925-210-6631 Longs Drug Stores
>
> Come, my friends, 'Tis not too late to seek a newer world.
> Tho' much is taken, much abides; and tho'
> We are not now that strength which in old days
> Moved earth and heaven, that which we are, we are.
> "Ulysses", A. Tennyson
>
> >>>MY opinions, not Longs Drug Stores'<<<
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Small Business $15K Web Design Giveaway
> http://promotions.yahoo.com/design_giveaway/
>
> * To join/leave the list, search archives, change list settings, *
> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|