On Tue, 9 Jan 2024 20:18:42 -0600, Kirk Wolf <[email protected]> wrote:
>On Tue, Jan 9, 2024, at 5:18 PM, Jon Perryman wrote:
>> You may wonder why you might need -R. The SSH command exposes
>> identification (e.g. userid & password).
>> -L exposes a z/OS userid & password on each TN3270 computer which is not
>> easily protected.
>
>Exposes how? Do you mean that traffic on one socket across the loopback adapter
Amazingly the hack is much simpler. Scan through GitHub for userids / passwords.
There are open-source utilities that will find the most common occurrences.
Consider DB2 connect in z/OS using shared RACF, ACEE and trust for every
machine within the SYSPLEX. No userid / password (or some other identification
method is not allowed).
DB2 connect client for Linux, Windows and ??? is completely different. For
instance, the DB2_CONNECT for PHP is documented as follows:
    db2_connect(
        string $database,
        ?string $username,
        ?string $password,
        array $options = []
    ): resource|false
Creates a new connection to an IBM DB2 Universal Database, IBM Cloudscape, or
Apache Derby database.
This is a common Unix practice (not necessarily a best practice). People tend
to follow the documentation.
Surprisingly, some people do not sanitize their code before uploading to GitHub
(or other open source repositories).
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
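An added example, not part of the original post: a check a team could run over its own PHP sources before pushing, flagging db2_connect calls whose $username or $password argument is a string literal. The helper names, the inclusion of the persistent variant db2_pconnect, and the sample input are assumptions made for illustration; PHP comments and heredocs are not handled.

```python
import re

CALL_START = re.compile(r"\bdb2_p?connect\s*\(", re.IGNORECASE)
# Tokens: single-quoted string, double-quoted string, one bracket or comma, other text.
TOKEN = re.compile(r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|[()\[\],]|[^'"()\[\],]+""", re.S)

def top_level_args(src, pos):
    """Split the argument list starting at pos (just after the call's opening parenthesis)."""
    args, buf, depth = [], [], 0
    for m in TOKEN.finditer(src, pos):
        tok = m.group()
        if tok in (")", "]") and depth == 0:
            break                                  # end of the call itself
        if tok == "," and depth == 0:
            args.append("".join(buf).strip())      # comma between top-level arguments
            buf = []
            continue
        depth += (tok in ("(", "[")) - (tok in (")", "]"))
        buf.append(tok)
    args.append("".join(buf).strip())
    return args

def is_literal(arg):
    """Non-empty quoted string; a double-quoted string containing $ is treated as interpolation."""
    return (len(arg) > 2 and arg[0] in "'\"" and arg[-1] == arg[0]
            and not (arg[0] == '"' and "$" in arg))

def find_hardcoded(src, filename="<src>"):
    """Return (file, line, parameter) for each literal credential; the value is never echoed."""
    findings = []
    for m in CALL_START.finditer(src):
        args = top_level_args(src, m.end())
        line = src.count("\n", 0, m.start()) + 1
        for idx, name in ((1, "username"), (2, "password")):
            if idx < len(args) and is_literal(args[idx]):
                findings.append((filename, line, name))
    return findings

# Constructed sample input, not taken from any real repository.
SAMPLE = '''<?php
$a = db2_connect("SAMPLE", "db2inst1", "example-password");
$b = db2_connect($db, getenv("DB2_USER"), getenv("DB2_PASS"));
$c = db2_pconnect('SAMPLE', 'app,user', $cfg['db2']['password']);
'''

if __name__ == "__main__":
    for finding in find_hardcoded(SAMPLE):
        print("%s:%d: literal %s passed to db2_connect" % finding)
```
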