RE: [U2] Uniobjects hack
You might want to look at the article in the U2UG newsletter on security. http://u2ug.org/docs/20040919_U2UG_Newsletter.pdf that deals with this issue. With Universe a program can have higher access rights than the user. If a user gets to tcl they may not have access rights to update, enquire or delete records in a file. However they can run a program that can update that same file. This may solve the issue of UniObjects from Excel to access tcl and the security issue. Regards David Jordan --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] Software as Services
At 22:08 -0700 2005/05/26, Tony Gravagno wrote: The long link was broken by email word wrapping. Most e-mail servers and clients don't break lines wrapped in 's. Try: http://www.crn.com/sections/breakingnews/breakingnews.jhtml?articleId=163701126 Ray -- .=. | =-=-=-=-=-=-= Eagle Rock Information Systems Corp =-=-=-=-=-=-= | | -=-=-=-=-=-=- web and database business solutions -=-=-=-=-=-=- | | http://www.eriscorp.commailto:[EMAIL PROTECTED] | |Midwest Regional Office: 815-547-0662 (voice) 815-547-0353 (Fax)| .=. --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] U2 XML./DB Tool
Phil Walker wrote on Fri, 27 May 2005 9:54:17 +1200 3. IBM, why would the flavour of an account effect the use of a client tool such as U2 XML/DB Tool? Is this a design oversight? - or was it assumed that users would change the account flavour, ... This is not the only tool that requires a certain flavour. SB+ requires Pick flavour to operate correctly. Remember: the flavour not only affects syntax, but also the symantics of certain commands. Take a look at the help for the LOCATE command for a prime example of how the same syntax generates different results. Under SB+, there are ways of changing flavour from Pick to Native on the fly, but since I work primarily in Pick flavour, I don't know if the reverse is true. Under UniData, take a look at the help for the ECLTYPE command and the BASICTYPE compiler directive for additional information. --Tom Pellitieri Century Equipment --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] Uniobjects hack
How about using file level security, and common area in your subroutines. Marc Harbeson ERP/Systems Administrator Brinly Hardy Company O - (812) 218-7206 F - (812) 218-6084 [EMAIL PROTECTED] www.brinly.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Kent Sent: Friday, May 27, 2005 2:03 AM To: u2-users@listserver.u2ug.org Subject: Re: [U2] Uniobjects hack Steve, thanks for that jak - Original Message - From: Steve Johnson [EMAIL PROTECTED] To: u2-users@listserver.u2ug.org; U2UG u2-users@listserver.u2ug.org Sent: Friday, May 27, 2005 2:46 PM Subject: Re: [U2] Uniobjects hack How about running a monitor program constantly in the background. It monitors all new logins to U2. The new login process must send a sleeping pill to the monitor within a short time after login -- short being relative to your system performance. If the monitor doesn't receive this sleeping pill then it kills the new login. The trick here is to keep the requirement for this sleeping pill as secret as possible; and to invent one that cannot be easily spoofed; and to insure that the monitor is always active. Steve Johnson FXA Group Ltd Bangkok --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] Help with BREAK-ON TOTAL
From the same Robin Williams blurb... I changed the CHOO-CHOO command on our old Reality spirit system to say Reality..What a concept! The Choo-Choo command in reality would print out an ASCII picture of a steam engine train. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Larry Hiscock Sent: Thursday, May 26, 2005 4:43 PM To: u2-users@listserver.u2ug.org Subject: RE: [U2] Help with BREAK-ON TOTAL REALITY is for people who can't handle drugs. ;-) --Larry Larry Hiscock Western Computer Services --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] Uniobjects hack
The ability to bypass application security using UniObjects has really got me thinking. In the absence of any suitable remedies and perhaps as a stop gap solution whilst a better solution is written, I would recommend the following: 1. As Martin said, make sure that you do not let UniObjects traffic through your firewall. This cuts down the threat from outside but many hacks come from employees who are disgruntled or just plain nosey. 2. If you don't require UniObjects on all PCs then don't install it. If you do require it, don't install the documentation that gives the user a sample application to copy. Change the standard port used by UniObjects and don't advertise it. 3. Consider an architecture where the UniObjects client is a separate server (e.g. web server or Citrix server) and users don't require the UniObjects DLLs on their own client. This is also easier to maintain when you upgrade. 4. In addition to application security, make use of OS security. For example, if your HR system is only used by a handful of people, don't give all your users access to the data files and rely on the application security to keep them away. If they have to steal a password as well as write a VBA program, it is harder than just writing a VBA program. 5. Don't hard code usernames and passwords into your source code! They can be seen in the object code of any application. 6. Keep an eye on logs and look out for unusual behaviour. Can anyone help me with this? What logs are written to when someone logs in and can you distinguish between a telnet login and a UniObjects login? The reason it got me thinking was because I am guilty on a number of these points :- so thanks for the question! Regards, Rob Wills (rob dot wills at tigerinfotech dot com) --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] Uniobjects hack
How about using file level security, and common area in your subroutines. The problem remains that a user who can validly use the application must have access to these files and hence can open them and tinker in his own VB program. It all comes down to the fact that UV/Udt cannot tell the difference between a valid VB application and someone's own private little program. Martin Phillips Ladybridge Systems 17b Coldstream Lane, Hardingstone, Northampton NN4 6DB +44-(0)1604-709200 --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] Uniobjects hack
The same issue applies for SQL access to UniVerse as it does for UniObjects. It is a problem for RDBMS. They get around by restricting access and only allowing updates through Stored Procedures which can have a different access level. UniVerse can do the same thing. Regards David Jordan --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] Uniobjects hack
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED] Sent: Friday, May 27, 2005 10:56 AM To: u2-users@listserver.u2ug.org Subject: Re: [U2] Uniobjects hack The ability to bypass application security using UniObjects has really got me thinking. In the absence of any suitable remedies and perhaps as a stop gap solution whilst a better solution is written, I would recommend the following: 1. As Martin said, make sure that you do not let UniObjects traffic through your firewall. This cuts down the threat from outside but many hacks come from employees who are disgruntled or just plain nosey. 2. If you don't require UniObjects on all PCs then don't install it. If you do require it, don't install the documentation that gives the user a sample application to copy. Change the standard port used by UniObjects and don't advertise it. You can still sniff out open ports easily. Your best bet is to map port access by IP class range and exclude departments that don't need access. Of course, if the network is all over the place then you'll need to specify filtering by IP. 3. Consider an architecture where the UniObjects client is a separate server (e.g. web server or Citrix server) and users don't require the UniObjects DLLs on their own client. This is also easier to maintain when you upgrade. DMZ setup is still a big part of the equation if you use a remote machine to host a connectivity portal. The only problem there is traceability, if someone where to hack into that box and gain root/admin privs. The same can be said for any box on the LAN, except you won't be looking for oddball IP-based activity if it's all coming from one machine. :P 4. In addition to application security, make use of OS security. For example, if your HR system is only used by a handful of people, don't give all your users access to the data files and rely on the application security to keep them away. If they have to steal a password as well as write a VBA program, it is harder than just writing a VBA program. 5. Don't hard code usernames and passwords into your source code! They can be seen in the object code of any application. You can concatenate raw characters together to form a username or password, and you won't be able to easily pull the object code up in hexedit and look for stored strings. You can also use an internal character shifting algorithm to make it harder to dechiper what's what in the object code. 6. Keep an eye on logs and look out for unusual behaviour. Can anyone help me with this? What logs are written to when someone logs in and can you distinguish between a telnet login and a UniObjects login? If you are firewalling the box, then you should be able to log incoming traffic regardless of destination port. If not, then setup a firewall router that can log and report activity. A 586 with 32MB of RAM will run a Linux firewall just fine. Glen http://mvdevcentral.com --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] udtconfig gurus - AIX shm tuning
Does this mean that I should change my udtconfig parameter to 10485760 * 4 and performance may increase? - Rod $UDTBIN/ipcstat -mb | grep sbcs m 8107 0 --rw-r--r-- rootother 10485760 - sbcs R6.0 m 37971309 0 --rw-r--r-- rootother 10485760 - sbcs R6.0 m3367268 0 --rw-r--r-- rootother 10485760 - sbcs R6.0 m 165791808 0 --rw-r--r-- rootother 10485760 - sbcs R6.0 -Original Message- From: Wally Terhune [mailto:[EMAIL PROTECTED] Sent: Thursday, May 26, 2005 6:02 PM To: u2-users@listserver.u2ug.org Subject: RE: [U2] udtconfig gurus - AIX shm tuning AIX doc hasn't been updated (though it is overdue...) If you read it, don't use AIX extended shared memory - performance issues with how UniData uses shared memory and how extended shared memory is implemented by AIX. We do have a 64-bit port of UniData for AIX (UniData 6.1.7)- which makes all of the 32-bit shared memory restrictions disappear. If you are running a 32-bit port of UniData (all the rest) - here is the short version of tuning to avoid shared memory errors: 1) Set SHM_ATT_ADD=0 (if not already) 2) Tune so you only need one glm segment (record lock table - GLM_MEM_SEGSZ) ($UDTBIN/ipcstat -mb | grep glmon a busy system) 3) Tune so you only need one sbcs segment (SBCS_SHM_SIZE) - depends on how many application programs you globally catalog 4) SHM_GNPAGES=64, SHM_GPAGESZ=2048 - reasonable place to start. Make sure pages*pagesz*512 does not exceed 256mb. 5) SHM_LMINENTS=15 (or more - small structure - 30 is OK setting and likely more than you will ever need). Wally Terhune Manager - U2 Advanced Technical Services IBM Information Management Solutions Tel: 303.294.4866 Fax: 303.294.4832 [EMAIL PROTECTED] www.ibm.com/software/data/u2/support - Open, Query, Update, Search - Online! Ken Wallis [EMAIL PROTECTED] node.on.net To Sent by: u2-users@listserver.u2ug.org [EMAIL PROTECTED] cc stserver.u2ug.org Subject RE: [U2] udtconfig gurus? 05/26/2005 04:29 PM Please respond to u2-users Robert Paterson wrote: Have to say that the best source of that information in my view is the UniData manuals. earlier Jeff Schoby wrote: Does anyone have a good detailed reference for the settings in the udtconfig file and the formulas used to set each parameter. Or at least some good rules of thumb? I'm migrating from an AIX 4.3.3 box with 1.25GB of ram (and about 150 users) to a p5 Series running aix 5.3 with 12GB of ram and I want to make sure we make efficient use of that ram. I'd have to say I agree with Robert. The best available source is the manuals, and these are online, but since Jeff doesn't indicate version numbers for UniData, it s hard to provide the right URL. Also, there is a document specifically about tuning UniData on AIX because of the special constraints that OS used to impose. I have a copy of this, but don't know if there is an updated version available now AIX has moved forward so far. Wally? If there isn't a more readily available version of this document, then I'll happily email it direct to you Jeff, but you'll need to understand how AIX has changed lately so you can determine which bits are now less important. AIX 4.3.3 to 5.3 in one bound is a big jump. Are you keeping the same UniData Release? Or is this a move to a new box that happens to have a new OS release? Do you use RFS or Journaling? Replication, ODBC? All these might make demands on how you set up your udtconfig. If you'd like professional input on tuning the new system, then I'm sure there are guys in the US who offer consulting services and have experience with this. IBM do it, I know, and I think Strategy 7 do too. Alternatively, if you can provide me with access to the system remotely, then I'd be prepared to give you my input on a professional basis too. Drop me a direct email if you want to follow up on this. Cheers, Ken Ken Wallis Empower Data Solutions Blue Mountains, Sydney, Australia --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ [demime 1.01d removed an attachment of type image/gif which had a name of graycol.gif] [demime 1.01d removed an attachment of type image/gif which had a name of pic24344.gif] [demime 1.01d removed an attachment of type image/gif which had a name of ecblank.gif] --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit
[U2] UV Objects
We are trying to get UV Objects to tell us when a user's password has expired. There is an error (# 80019) that seems like it should work, but in testing I get no error back using a login with an expired password. I need to know if anyone else has run into this issue and has found a way to make UV Objects recognized expired passwords... Thanks Gary P. Canedy Database Analyst ProMutual Group (617) 757-6775 --- This email and any files transmitted with it are intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If you received this email in error, please contact the sender immediately and delete this email from your system. If you are not the named addressee, you should not disseminate, distribute, print, or copy the email, or take any action in reliance on its contents. --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] Uniobjects hack {Unclassified}
In message [EMAIL PROTECTED], HENDERSON MIKE, MR [EMAIL PROTECTED] writes Things will get better? No, things will get much, MUCH worse! When someone finds out my password, then to repair the security breach, I have to change my password. When someone finds out the magic number which is the encoding of my fingerprint, then to repair the security breach I have to ... um, no I can't fix that problem. What about the thieves who carjacked a Merc? Because it was biometrically started, they chopped off the driver's finger so they didn't need him to start the car. Cheers, Wol -- Anthony W. Youngman [EMAIL PROTECTED] 'Yings, yow graley yin! Suz ae rikt dheu,' said the blue man, taking the thimble. 'What *is* he?' said Magrat. 'They're gnomes,' said Nanny. The man lowered the thimble. 'Pictsies!' Carpe Jugulum, Terry Pratchett 1998 Visit the MaVerick web-site - http://www.maverick-dbms.org Open Source Pick --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] udtconfig gurus - AIX shm tuning
My comments (below) are AIX-32bit specific. If Rod is still running on Solaris, there is no need to change. Wally Does this mean that I should change my udtconfig parameter to 10485760 * 4 and performance may increase? - Rod $UDTBIN/ipcstat -mb | grep sbcs m 8107 0 --rw-r--r-- rootother 10485760 - sbcs R6.0 m 37971309 0 --rw-r--r-- rootother 10485760 - sbcs R6.0 m3367268 0 --rw-r--r-- rootother 10485760 - sbcs R6.0 m 165791808 0 --rw-r--r-- rootother 10485760 - sbcs R6.0 -Original Message- From: Wally Terhune [mailto:[EMAIL PROTECTED] Sent: Thursday, May 26, 2005 6:02 PM To: u2-users@listserver.u2ug.org Subject: RE: [U2] udtconfig gurus - AIX shm tuning AIX doc hasn't been updated (though it is overdue...) If you read it, don't use AIX extended shared memory - performance issues with how UniData uses shared memory and how extended shared memory is implemented by AIX. We do have a 64-bit port of UniData for AIX (UniData 6.1.7)- which makes all of the 32-bit shared memory restrictions disappear. If you are running a 32-bit port of UniData (all the rest) - here is the short version of tuning to avoid shared memory errors: 1) Set SHM_ATT_ADD=0 (if not already) 2) Tune so you only need one glm segment (record lock table - GLM_MEM_SEGSZ) ($UDTBIN/ipcstat -mb | grep glmon a busy system) 3) Tune so you only need one sbcs segment (SBCS_SHM_SIZE) - depends on how many application programs you globally catalog 4) SHM_GNPAGES=64, SHM_GPAGESZ=2048 - reasonable place to start. Make sure pages*pagesz*512 does not exceed 256mb. 5) SHM_LMINENTS=15 (or more - small structure - 30 is OK setting and likely more than you will ever need). Wally Terhune Wally Terhune Manager - U2 Advanced Technical Services IBM Information Management Solutions Tel: 303.294.4866 Fax: 303.294.4832 [EMAIL PROTECTED] www.ibm.com/software/data/u2/support - Open, Query, Update, Search - Online! --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] Uniobjects hack
Richard: Am I accurate in thinking Pick __USED__ to have file level security but it doesn't exist in the U2 products because, it was always said, the O/S takes care of security (aka: we don't need no stinkin file level security)! Perhaps, having dbms security isn't such a bad idea after all. :-) Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Taylor Sent: Friday, May 27, 2005 8:09 AM To: u2-users@listserver.u2ug.org Subject: RE: [U2] Uniobjects hack [snipped] 2) Convert the account to an SQL schema. You can then attach file level security via the SQL user. Just remember to create a security entry for Public too otherwise you could end up locking out all the other users that are not subject to the tighter security. (i.e. GRANT ALL TO PUBLIC) If you are trying to allow them to access a file, but control what they do you may be out of luck. However you could use triggers to a least create audits. [snipped] Rich Taylor | Senior Programmer/Analyst| VERTIS 250 W. Pratt Street | Baltimore, MD 21201 P 410.361.8688 | F 410.528.0319 [EMAIL PROTECTED] | http://www.vertisinc.com --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] Uniobjects hack
All, The BetterBetter committee (got an idea for an improvement or fix? email [EMAIL PROTECTED]) has been listening in and kicking this around. Here's what we've come up with so far: UniData *has* a UOlogin functionality which will allow you to vett the user and decide if they can connect as a UO connection. You could build most of what you want in there. We haven't tested it on UniVerse, but I have the PE and UO set up, so if no one gets to it by Monday, I'll test it and let everyone know. - Chuck --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] Uniobjects hack
Actually, when you convert an account to a schema you can use SQL security to do this. This is what I am referring to. You need to setup SQL users in your schema (same login used to get into UV) or set privileges for PUBLIC. If the user exists in the Schema user table then those permissions are used otherwise the PUBLIC setting is used. Note that you can use an account as both a schema and a regular account. This is the reason I needed to set all permissions for PUBLIC. I have done this under Universe to provide some basic security related to using Uniobjects in the past. I am not sure if this will fully solve the issue being discussed here or if Unidata would behave the same way. Rich Taylor | Senior Programmer/Analyst| VERTIS 250 W. Pratt Street | Baltimore, MD 21201 P 410.361.8688 | F 410.528.0319 [EMAIL PROTECTED] | http://www.vertisinc.com Vertis is the premier provider of targeted advertising, media, and marketing services that drive consumers to marketers more effectively. The more they complicate the plumbing the easier it is to stop up the drain - Montgomery Scott NCC-1701 Richard: Am I accurate in thinking Pick __USED__ to have file level security but it doesn't exist in the U2 products because, it was always said, the O/S takes care of security (aka: we don't need no stinkin file level security)! Perhaps, having dbms security isn't such a bad idea after all. :-) Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Taylor Sent: Friday, May 27, 2005 8:09 AM To: u2-users@listserver.u2ug.org Subject: RE: [U2] Uniobjects hack [snipped] 2) Convert the account to an SQL schema. You can then attach file level security via the SQL user. Just remember to create a security entry for Public too otherwise you could end up locking out all the other users that are not subject to the tighter security. (i.e. GRANT ALL TO PUBLIC) If you are trying to allow them to access a file, but control what they do you may be out of luck. However you could use triggers to a least create audits. --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
[U2] [AD] Programmer/Analyst Position
What We Do: Mothers Work, Inc. is the world's leading designer, manufacturer and retailer of maternity fashions in the U.S., with over 1,100 locations in the United States, Canada, and Puerto Rico - including leading brands A Pea in the Pod, Mimi Maternity and Motherhood Maternity and five online stores including Maternitymall.com. Programmer Analyst Mothers Work is looking for a Programmer Analyst to join its Information Systems department. The person in this position is responsible for supporting and/or installing software applications. This is a great career opportunity for a recent graduate who is enthusiastic, enjoys challenges and is looking to be in a fast-paced environment. Job Requirements: Design, modify, develop, write and implement software applications * Support and/or install software applications * Participate in the testing process through test review and analysis, test witnessing and certification of software Experience and Skills: Bachelors degree in technology related field Advanced computer skills Ability to work with limited supervision and make decisions with limited direction from management Ability to multi-task Detail oriented, highly organized highly motivated Benefits: Medical, dental and vision insurances Life and ADD insurances Supplemental life insurance Short and long term disability insurances 401K Employee stock purchase program Vacation/sick/holiday/personal time Employee assistance program Merchandise discount Contact Us: To apply please send a copy of your resume to [EMAIL PROTECTED] EOE --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] Uniobjects hack
UniData *has* a UOlogin functionality which will allow you to vett the user and decide if they can connect as a UO connection. You could build most of what you want in there. We haven't tested it on UniVerse, but I have the PE and UO set up, so if no one gets to it by Monday, I'll test it and let everyone know. These are all great ideas but they still do not address the fundamental problem A user who can validly make a connection to use an application can write his own client program to subvert the system. None of the proposed solutions solve this. As far as we can see, it requires a change to the server side of Uniobjects (hence the solution to the equivalent functions in our product). Martin Phillips Ladybridge Systems 17b Coldstream Lane, Hardingstone, Northampton NN4 6DB +44-(0)1604-709200 --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] [AD] Programmer/Analyst Position
Where exactly would this job be located? Gordon J. Glorfield Sr. Applications Developer MAMSI (A UnitedHealth Company) 301-360-8839 [EMAIL PROTECTED] wrote on 05/27/2005 04:59:37 PM: What We Do: Mothers Work, Inc. is the world's leading designer, manufacturer and retailer of maternity fashions in the U.S., with over 1,100 locations in the United States, Canada, and Puerto Rico - including leading brands A Pea in the Pod, Mimi Maternity and Motherhood Maternity and five online stores including Maternitymall.com. Programmer Analyst Mothers Work is looking for a Programmer Analyst to join its Information Systems department. The person in this position is responsible for supporting and/or installing software applications. This is a great career opportunity for a recent graduate who is enthusiastic, enjoys challenges and is looking to be in a fast-paced environment. Job Requirements: Design, modify, develop, write and implement software applications * Support and/or install software applications * Participate in the testing process through test review and analysis, test witnessing and certification of software Experience and Skills: Bachelors degree in technology related field Advanced computer skills Ability to work with limited supervision and make decisions with limited direction from management Ability to multi-task Detail oriented, highly organized highly motivated Benefits: Medical, dental and vision insurances Life and ADD insurances Supplemental life insurance Short and long term disability insurances 401K Employee stock purchase program Vacation/sick/holiday/personal time Employee assistance program Merchandise discount Contact Us: To apply please send a copy of your resume to [EMAIL PROTECTED] EOE [SNIP] This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately. --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] Uniobjects hack
Martin, Not true. Using UOlogin, I could run a filter and only allow a subset of the valid user list access. That would stop people from using telnet ids as UO ids. If you expand this to lock out some accounts to ALL UO logins, you can draw a box around the UO user. Now, if you said 'great ideas but they take too much work' then I'd be inclined to agree with you. We need a simpler way. - Chuck Simple Barouch Martin Phillips wrote: These are all great ideas but they still do not address the fundamental problem A user who can validly make a connection to use an application can write his own client program to subvert the system. None of the proposed solutions solve this. As far as we can see, it requires a change to the server side of Uniobjects (hence the solution to the equivalent functions in our product). --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] [AD] Programmer/Analyst Position
Gordon, According to their website, Philly. http://hotjobs.yahoo.com/jobs/PA/Philadelphia/Technology/J775698EE;_ylt=AgsQW5yT4g3kp28AsfDfp2mxQ6IX - Chuck Gordon J Glorfield wrote: Where exactly would this job be located? --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] Uniobjects hack
I have looked at all of the documentation that I have and can't find ANY reference to UOLOGIN, UOlogin, ... Is this documented anywhere? I tried to create a simple PROC (UniData 6.1PE) and it doesn't execute on login. The interesting thing is that if I create and direct catalog a program called UOLOGIN, I can't login anymore (with UniObjects). It's either a coincidence or it may mean that there is something special that needs to be passed back in order to complete the connection. Regards, Jim UniData *has* a UOlogin functionality which will allow you to vett the user and decide if they can connect as a UO connection. --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] Uniobjects hack
Chuck, Thanks! Regards, Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Key Ally Sent: Friday, May 27, 2005 7:08 PM To: u2-users@listserver.u2ug.org Subject: Re: [U2] Uniobjects hack James, Here's a link on the IBM site. http://www.ibm.com/Search/?q=UOLoginv=14lang=encc=zzSearch.x=50Search. y=11Search=Search - Chuck --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] Uniobjects hack
And the good reason why IBM restricts access to this information so only VARs and End-Users with direct support contracts can see it is? Why is this not in a publicly accessible piece of documentation? The number of times I have tried to register for an IBM techconnect ID and been refused because I'm a consultant not a VAR/End User is frustrating! :-( Cheers, Ken -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Key Ally Sent: Saturday, 28 May 2005 9:08 AM To: u2-users@listserver.u2ug.org Subject: Re: [U2] Uniobjects hack James, Here's a link on the IBM site. http://www.ibm.com/Search/?q=UOLoginv=14lang=encc=zzSearc h.x=50Search.y=11Search=Search - Chuck James Canale, Jr. wrote: I have looked at all of the documentation that I have and can't find ANY reference to UOLOGIN, UOlogin, ... Is this documented anywhere? I tried to create a simple PROC (UniData 6.1PE) and it doesn't execute on login. The interesting thing is that if I create and direct catalog a program called UOLOGIN, I can't login anymore (with UniObjects). It's either a coincidence or it may mean that there is something special that needs to be passed back in order to complete the connection. --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
Re: [U2] Help with BREAK-ON TOTAL
When doing a recent analysis of their accounts, one of my clients still had the original GAMES account still spinning on their system. Wumpus anyone? - Original Message - From: George Gallen [EMAIL PROTECTED] To: u2-users@listserver.u2ug.org Sent: Friday, May 27, 2005 9:23 AM Subject: RE: [U2] Help with BREAK-ON TOTAL From the same Robin Williams blurb... I changed the CHOO-CHOO command on our old Reality spirit system to say Reality..What a concept! The Choo-Choo command in reality would print out an ASCII picture of a steam engine train. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Larry Hiscock Sent: Thursday, May 26, 2005 4:43 PM To: u2-users@listserver.u2ug.org Subject: RE: [U2] Help with BREAK-ON TOTAL REALITY is for people who can't handle drugs. ;-) --Larry Larry Hiscock Western Computer Services --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] Uniobjects hack
I agree with you. I am a end-user and we do not have access to IBM'S secure technical notes. I understand that my company may be allowed to purchase software support to allow us to see these restricted documents. Ken Wallis [EMAIL PROTECTED] wrote: And the good reason why IBM restricts access to this information so only VARs and End-Users with direct support contracts can see it is? Why is this not in a publicly accessible piece of documentation? The number of times I have tried to register for an IBM techconnect ID and been refused because I'm a consultant not a VAR/End User is frustrating! :-( Cheers, Ken -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Key Ally Sent: Saturday, 28 May 2005 9:08 AM To: u2-users@listserver.u2ug.org Subject: Re: [U2] Uniobjects hack James, Here's a link on the IBM site. h.x=50Search.y=11Search=Search - Chuck James Canale, Jr. wrote: I have looked at all of the documentation that I have and can't find ANY reference to UOLOGIN, UOlogin, ... Is this documented anywhere? I tried to create a simple PROC (UniData 6.1PE) and it doesn't execute on login. The interesting thing is that if I create and direct catalog a program called UOLOGIN, I can't login anymore (with UniObjects). It's either a coincidence or it may mean that there is something special that needs to be passed back in order to complete the connection. --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/