Hi Donna :)
    You are right... the file given what you did with the rights will be
secure .... given MPE's security.

    But....

   Any terminal/PC that is logged on with manager.sys capabilities is an
access point... especially when said device doesn't have the authorized
user in front of it!  The best locks in the world only work when the user
remembers to use them!

Art "why yes, I am paranoid! hehe" Bahrs
P.S. but that doesn't mean "They" aren't out there to get me! hehe

=======================================================
Art Bahrs, CISSP           Information Security          The Regence Group
(503) 553-1425              FAX (503) 553-1453


|---------+-------------------------------->
|         |           "donna garverick"    |
|         |           <donna_garverick@yaho|
|         |           o.com>               |
|         |           Sent by: "HP-3000    |
|         |           Systems Discussion"  |
|         |           <[log in to unmask]
|         |           DU>                  |
|         |                                |
|         |                                |
|         |           04/02/2004 11:19 AM  |
|         |           Please respond to    |
|         |           i_hate_spam          |
|         |                                |
|         |           |-------------------||
|         |           | [ ] Secure E-mail ||
|         |           |-------------------||
|---------+-------------------------------->
  >--------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                          |
  |      To:    [log in to unmask]                                                                                       |
  |     cc:                                                                                                                  |
  |     Subject:      Re: [HP3000-L] EOF's on hpuid and command files                                                        |
  >--------------------------------------------------------------------------------------------------------------------------|




--- Mike Hornsby <[log in to unmask]> wrote:
> I would strongly recommend adding step #7 as BULDJOB1 will contain
> clear text passwords for every ACCOUNT, GROUP, and USER.
> Purge BULDJOB1
> Purge BULDJOB2
>
> IMHO, A better method would be to execute the following prior to
> running
> BULDACCT to avoid an accidental security problem:
> Purge BULDJOB1
> Purge BULDJOB2
> file BULDJOB1;temp
> file BULDJOB2;temp

i must be missing something....  i don't see the benefit of running
buldacct out to temporary files...

however this does work:

!buldacct '@'
!altsec buldjob1;access=(r,l,x,w,a:CR)
!altsec buldjob2;access=(r,l,x,w,a:CR)

this is a snippet from one of my jobs (that runs as manager.sys).  both
files are secure.              - d

=====
Donna Garverick     Sr. System Programmer
dgarverick -at- longs -dot- com
925-210-6631        Longs Drug Stores

Come, my friends, 'Tis not too late to seek a newer world.
Tho' much is taken, much abides; and tho'
We are not now that strength which in old days
Moved earth and heaven, that which we are, we are.
"Ulysses", A. Tennyson

>>>MY opinions, not Longs Drug Stores'<<<

__________________________________
Do you Yahoo!?
Yahoo! Small Business $15K Web Design Giveaway
http://promotions.yahoo.com/design_giveaway/

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *