LISTSERV - HP3000-L Archives

HP3000-L Archives

June 2000, Week 5

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L June 2000, Week 5

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Security Vulnerability in DBUTIL
From:	Sletten Kenneth W KPWA <[log in to unmask]>
Reply To:	Sletten Kenneth W KPWA <[log in to unmask]>
Date:	Thu, 29 Jun 2000 16:26:45 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (29 lines)

Earlier today Patrick posted on this subject...
he subsequently caught that I had posted last night;  no
problem;  his heart is in the right place;  he was and is trying
to do the right thing and help the user community....  thanks,
Patrick...    :-)

See also my second post earlier today...

After reading Patrick's post and his good questions at the end,
it strikes me that I can't think of any valid reason not to answer
one of his questions for everybody;  if I'm a little careful and do
not drift off into the specifics of "how":

> .....  Is it something you could do accidentally without
> realizing you were violating security (e.g. using an ERASE
> command without being the DB creator), or is it some kind
> of hack?

While I suppose one can never say never, in the real world I
cannot imagine how one person would ever unintentionally
"stumble" all the way through this.  That does not mean it is
hard to do;  but I can say that it requires a series of actions
separate from and in addition to running DBUTIL.....  HTH
reduce the worry level for all who may be asking the same
question....

Ken Sletten
SIGIMAGE Chair

ATOM RSS1 RSS2

RAVEN.UTC.EDU