What's a 'cracker'?
On 7/18/06, Jerry Banker [EMAIL PROTECTED] wrote:
Exactly.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Walker
Sent: Tuesday, July 18, 2006 1:48 PM
To: 'u2-users@listserver.u2ug.org'
Subject: RE: [U2] SOX question (United
.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Walker
Sent: Tuesday, July 18, 2006 1:48 PM
To: 'u2-users@listserver.u2ug.org'
Subject: RE: [U2] SOX question (United States only, I believe)
The friendly neighborhood cracker isn't a threat
On Behalf Of [EMAIL PROTECTED]
From Wikipedia, the free encyclopedia
* Cracker (computing), a person who engages in illegal system
cracking or software cracking, circumventing computer
security systems; also known as a black hat hacker
To distinguish from hacker who is someone who
A cracker does it for malicious purposes.
And all these years I thought a cracker was a good ol' boy from north
Georgia.
---
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/
: Wednesday, July 19, 2006 1:40 PM
To: u2-users@listserver.u2ug.org
Subject: Re: [U2] SOX question (United States only, I believe)
On 7/19/06, Horn, John [EMAIL PROTECTED] wrote:
To distinguish from hacker who is someone who breaks into systems
for fun and the challenge of it. A cracker does
On 7/19/06, Tom Dodds [EMAIL PROTECTED] wrote:
Wendy, thanks for the new word, pejorative. That's a great one.
:) I think this thread gets the prize for the most deviation from the
initial topic. Shall we adjourn to u2-community before we get
evicted?
--
Wendy
---
u2-users mailing list
Hi,
I have been reading this thread and others with interest, but no one has
managed to answer how you can be SOX compliant when you have only one guy
who programmes, administers, upgrades the software and makes the tea!
Any suggestions anyone?
Cheers,
Ray Dawes
Ray,
One way to do it is to form a joint venture with other tea makers
and do business through that company, which subcontracts your company
and the
others. Of course, in theory, all the subs would have to be SOX
compliant, but it should satisfy most customers.
- Chuck Or, You Could
Short answer: you can't. (We just went thru a Sox audit)
Regards,
--
Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of DAWES, Ray
Sent: Tuesday, July 18, 2006 10:19 AM
To: u2-users@listserver.u2ug.org
Cc: ALLEN, David
Subject: RE: [U2] SOX question
Document everything! Make no changes without a written request from the
users. Have them test and approve the changes, in writing, after
completion. Store your documentation in a format that is readily
accessible to the auditors.
Gordon J. Glorfield
Sr. Applications Developer
But doesn't this leave the information readily available to the friendly
neighborhood cracker?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gordon J
Glorfield
Sent: Tuesday, July 18, 2006 10:41 AM
To: u2-users@listserver.u2ug.org
Subject: RE: [U2] SOX
Exactly.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Walker
Sent: Tuesday, July 18, 2006 1:48 PM
To: 'u2-users@listserver.u2ug.org'
Subject: RE: [U2] SOX question (United States only, I believe)
The friendly neighborhood cracker isn't a threat
These subjects -- compliance with regulations like SOX and other
quality-focused controls are near and dear to my heart. And I have some
opinions and perhaps information about them. Hence a long-ish post. Maybe it
will help someone, somewhere.
The worst thing that happened as a result of the new
Why not separate DBA from programmer role?
It's none of their bleeping concern.
You have procedures, you have documented those procedures, and in an audit you
can prove that you follow those documented procedures.
End of story. You are compliant.
You do NOT have to justify your procedures
Two salaries! Yay!
- Original Message -
From: Lance Jahnke [EMAIL PROTECTED]
To: u2-users@listserver.u2ug.org
Subject: Re: [U2] SOX question (United States only, I believe)
Date: Fri, 9 Dec 2005 07:35:39 -0600
What happens when the programmer is the dba? One person developing
You do NOT have to justify your procedures -
no-one can tell you how to run your business.
But this is the USA. Everyone tells you how to run your business, from
the IRS to the state, to the lawyers, to the insurance companies, to
the... You name it. All SOX does is amplify prison as an
@listserver.u2ug.org
Sent: Thursday, December 08, 2005 6:28 PM
Subject: [U2] SOX question (United States only, I believe)
When we started implementing Sarbanes-Oxley, I knew the question of why we
don't separate the Database Admin role from the Programmer role would come
up. Has anyone on this list been able
-base and only get read-only
to the user testing environment.
Regards,
Marc Hilbert
Pick Professional Center
Buenos Aires,
Argentina.
- Original Message - From: Charlie Rubeor
[EMAIL PROTECTED]
To: u2-users@listserver.u2ug.org
Sent: Thursday, December 08, 2005 6:28 PM
Subject: [U2] SOX
What happens when the programmer is the dba? One person developing and managing
universe...
-Original Message-
From: [EMAIL PROTECTED]
To: u2-users@listserver.u2ug.org
Sent: Fri Dec 09 05:49:55 2005
Subject: Re: [U2] SOX question (United States only, I believe)
Good Morning Charlie
is about 8 pages.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven M Wagner
Sent: Friday, December 09, 2005 8:27 AM
To: u2-users@listserver.u2ug.org
Subject: Re: [U2] SOX question (United States only, I believe)
Marc
How do the programmers to customer
You mean you don't separate them? Absolutely there needs to be a division
of labor here. As a developer I have no time to keep up with mundane
tasks as password verification, file resizing and maintenance, upgrades,
etc... That doesn't even touch on the security and accountability issues.
The difference is that you have access to LOOK, but not in any way CHANGE...
How do the programmers to customer support if they cannot look at the data
in the production data-base? It would be hard to research problems if you
cannot look at live data.
Steve
---
u2-users mailing list
Sent: 09 December 2005 13:36
To: u2-users@listserver.u2ug.org
Subject: Re: [U2] SOX question (United States only, I believe)
What happens when the programmer is the dba? One person
developing and managing universe...
---
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe
On 12/9/05, Peter Gonzalez [EMAIL PROTECTED] wrote:
SOX SUCKS! (we have tee shirts with 'SOX SUCKS' on the front)
Our productivity has gone way down. If there is a problem here is what we
have to do now. And there are plenty of internal and external auditors to
make sure we do the
2005 14:13
To: 'u2-users@listserver.u2ug.org'
Subject: RE: [U2] SOX question (United States only, I believe)
SOX SUCKS! (we have tee shirts with 'SOX SUCKS' on the front)
Our productivity has gone way down. If there is a problem here is what
we have to do now. And there are plenty of internal
I am surprised by all the differing methodology's for being SOX compliant.
For data fixes we have an audit approved process as below.
1. All changes must be requested from the user. Artifact: User Request
(Can be a hard copy of an email.)
2. LIST.ITEM hard copy of the data before the
Gordon,
I used to work for a $500M company (multi-national, multiple
office) where I was the Unix Admin, the secondary DBA, the Hiring
Manager, an Area Manager, Head of Computer Security and QC, and a hands
on programmer simultaneously. The primary DBA also ran the operations
department,
of company fraud.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Les Hewkin
Sent: Friday, December 09, 2005 10:34 AM
To: u2-users@listserver.u2ug.org
Subject: RE: [U2] SOX question (United States only, I believe)
Is that all there is to it
We have
Believe me - I think there are quite a few of us globally who agree with
that sentiment!
On another note, I'm really sorry to hear that overseas companies
have to deal with SOX. Or as I call it, The Great Productivity
Reduction Act of 2002.
Charlie Rubeor
This e-mail is for the use of the
Of Peter Gonzalez
Sent: 09 December 2005 14:13
To: 'u2-users@listserver.u2ug.org'
Subject: RE: [U2] SOX question (United States only, I believe)
SOX SUCKS! (we have tee shirts with 'SOX SUCKS' on the front)
Our productivity has gone way down. If there is a problem here is what we have
to do now
Marc
How do the programmers to customer support if they cannot look at the data
in the production data-base? It would be hard to research problems if you
cannot look at live data.
Steve
The thing that always cracks me up is that all one has to do in a U2/PICK
environment is to create q
I wrote a package for MANAGE-2000 clients that addressed these issues. I
call it DTS (Development Tracking System). It does a great job separating
Programmer from Live Data.
To use it one would create a Development Account and an end-user testing
account. My software would run on the
-users@listserver.u2ug.org
Sent: Friday, December 09, 2005 10:27 AM
Subject: Re: [U2] SOX question (United States only, I believe)
Marc
How do the programmers to customer support if they cannot look at the data
in the production data-base? It would be hard to research problems if you
cannot look
Subject: RE: [U2] SOX question (United States only, I believe)
SOX SUCKS! (we have tee shirts with 'SOX SUCKS' on the front)
Our productivity has gone way down. If there is a problem here is what we
have to do now. And there are plenty of internal and external auditors to
make sure we do
The thing that always cracks me up is that all one has to do in a U2/PICK
environment is to create q pointers to the main account from the test
account. You can look and even modify without having access to that
account
unless it is locked down by logon at the OS level, which I have yet to
That why we have triggers on our basic program files and on the voc. If
you do copy something from dev to live, it will show up in the logs. Then
your supervisor comes to you not in a very genial mood. You then have to
end up doing the paperwork anyway.
Gordon J. Glorfield
Sr. Applications
] Behalf Of Gordon J
Glorfield
Sent: Friday, December 09, 2005 13:55
To: u2-users@listserver.u2ug.org
Subject: RE: [U2] SOX question (United States only, I believe)
That why we have triggers on our basic program files and on the voc. If
you do copy something from dev to live, it will show up
government
requirements.
BobW
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gordon J
Glorfield
Sent: Friday, December 09, 2005 1:55 PM
To: u2-users@listserver.u2ug.org
Subject: [ ] - RE: [U2] SOX question (United States only, I believe) -
Found word(s) list
:[EMAIL PROTECTED] On Behalf Of
Allen E. Elwood
Sent: Friday, December 09, 2005 11:38 AM
To: u2-users@listserver.u2ug.org
Subject: RE: [U2] SOX question (United States only, I believe)
The thing that always cracks me up is that all one has to do
in a U2/PICK environment is to create q
At 17:04 09/12/05 -0800, you wrote:
Allen:
Which makes one wonder why in the world security was pulled out of the dbms.
There's something illogical about an O/S administrator knowing better how to
set up security in the application than the application vendor.
Bill
Might it have something
When we started implementing Sarbanes-Oxley, I knew the question of why we
don't separate the Database Admin role from the Programmer role would come
up. Has anyone on this list been able to provide a satisfactory answer to
the auditors, without spending a lot of time explaining the benefits
PROTECTED]
Skickat: den 8 december 2005 22:28
Till: u2-users@listserver.u2ug.org
Dmne: [U2] SOX question (United States only, I believe)
When we started implementing Sarbanes-Oxley, I knew the question of why we
don't separate the Database Admin role from the Programmer role would come
up. Has
42 matches
Mail list logo
