home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.os.vms
- Path: sparky!uunet!wupost!uwm.edu!rpi!newsserver.pixel.kodak.com!laidbak!tellab5!balr!ttd.teradyne.com!news
- From: rice@ttd.teradyne.com
- Subject: Re: WHO.COM (UIC/username translation) addendum
- Message-ID: <1992Sep4.213657.1@ttd.teradyne.com>
- Lines: 40
- Sender: news@ttd.teradyne.com (News Feed Account)
- Nntp-Posting-Host: mrdata.ttd.teradyne.com
- Organization: Teradyne Inc., Telecommunications Division
- References: <FFB2089476DFC0FD69@sb.hhs.dk>
- Date: Sat, 05 Sep 92 02:29:19 GMT
- Lines: 41
-
- In article <FFB2089476DFC0FD69@sb.hhs.dk>, ARNE@ko.hhs.dk (Arne Vajhxj) writes:
- >> >>
- >> >>$! UAF.COM
- >> >> ...
- >> >>$ define sysuaf SYS$COMMON:[SYSEXE]SYSUAF.DAT !<- sysuaf.dat must be world read
- >> >> ...
- >> ^^^^^^^^^^
- >> >
- >> > NOT!
- >> >
- >>
- >> In order for the command procedure to run, sysuaf.dat has to be world read.
- >> Either that or the procedure can only be used by a privileged user. How you
- >> manage your site's security is up to you. WYSIWYG
- >
- > Well I did not save the original posting, but I assume, that it is correct,
- > that it will only run when SYSUAF can be read.
- >
- > But I will strongly recommend NOT to let SYSUAF.DAT be world readable.
- >
- > It is a BIG potential security risk.
- >
- > It will be very simple to write a passwords cracker, that test a list
- > of commonly used password against all usernames, by reading username and
- > encrypted passwords (and salt) out of such a file.
- >
- > All system-managers must find their own level of security, so it is OK to
- > post such a COM-file and tell how it can be used, but please inform people
- > about the potential security problem. Thay need to have all the information
- > to make a good decision !!!!
- >
-
- Agreed! Point taken...
-
-
- --
- John Rice K9IJ | "Did I say that ?" I must have, but It was
- | MY opinion only, no one else's...Especially
- | Not my Employer's....
- rice@ttd.teradyne.com | Purveyor of Miracles,Magic and Sleight-of-hand
-