But why solve the problems? "Pre-validation" in this sense could be renamed "let's try a few things to see if we're close to guessing the password." We currently have this issue in our shop. Us security types look at it as "working as designed."
Three strikes and you're out exists for a reason. In baseball you don't get pretend swings to determine if a pitch is in the strike zone (apologies to non-US, non Caribbean, non Japan, non Taiwan colleagues). The app you are suggesting appears to be a hacking tool in disguise. (looks like a duck, walks like a duck, quacks like a duck..........)

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Brian Crow
Sent: Thursday, July 12, 2007 6:30 AM
To: [email protected]
Subject: Re: pre-validating RACF userids and passwords in application.

>-----Original Message-----
>From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
>Of Kenneth E Tomiak
>Sent: 12 July 2007 00:07
>To: [email protected]
>Subject: Re: pre-validating RACF userids and passwords in application.
>>
>>
>>What I may do is to have a button like "Validate host / userid /
>>password" so that the user can click that and attempt to connect to the
>>host using the given userid and password. If the logon fails, I'll
>>report that to the user. If the user doesn't want to validate at that time,
>>then it is his problem if the ftp fails later on. That's what I'm trying
>>to avoid.
>>
>>--
>
>If that validation fails it still counts as a strike against the number of
>invalid attempts. An easy way to get the userid revoked. You know how impatient
>clickers are, they can click quicker than your application can respond.
>

If the application is used to ftp several datasets with a fat-fingered password then you could use up all your strikes in one go. Anyone submitted a job with several steps each (N)FTP-ing a dataset and forgot the global change of password? BTDTGTS. The validate user/password button could save a lot of problems.
Brian

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

