tough - thats what you get for relying on a bug/undocumented feature ;-)
----- Original Message ----- From: "Bob Gerrish" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, September 10, 2004 05:14 pm Subject: Re: [U2] major (?) @var security hole > I used this at a client site where they wanted to use 1 login name, but > track individuals via a secondary login run via a BASIC program. > > If it is brought up as a bug to IBM, it could have negative implications at > sites like that. > > Bob Gerrish - [EMAIL PROTECTED] > > At 12:34 PM 9/10/2004, you wrote: > >this may be common knowledge , but I stumbled across this yesterday at a > >client's site and was very surprised / alarmed. > >if you rely on system variables, @LOGNAME , @WHO in particular, for any kind > >of security / access control , you may be interested to know that these > >'static'/'read only' variables can very easily be modified to contain any > >values you like - including other user ids and account names. > ><snip> > ------- > u2-users mailing list > [EMAIL PROTECTED] > To unsubscribe please visit http://listserver.u2ug.org/ ------- u2-users mailing list [EMAIL PROTECTED] To unsubscribe please visit http://listserver.u2ug.org/
