HP 3000 Manuals HP 3000 Manuals
Passwords in Batch Submissions
Just as embedded passwords are a source of security exposure in sessions,
so too are passwords embedded in batch submissions.
Prevention of password exposure in batch submissions is effected by:
* Rejecting embedded passwords in job cards.
* Prohibiting cross streaming (letting a user stream another user's
job).
* Allowing users, AM, and SM to stream jobs without supplying
passwords (stream privilege).
The first feature causes a job to fail if it contains an embedded
password. The second feature places limitations on who can stream jobs
of other users. The third feature permits various types of users to
stream jobs without supplying passwords.
The third feature does not mean the system is now left open to the
submission of unauthorized batch files. It means that a user with stream
privilege can stream a job without entering a password. A user without
stream privilege still must enter a valid password to stream a job.
Embedded Passwords in Job Files
This option prevents embedding passwords in job files. It operates by
rejecting any "!JOB" command with an embedded password(s), regardless of
the validity of the password.
When this feature is enabled, and a password is found in a job, the
:STREAM command returns the following message:
PASSWORD SECURITY ENABLED. EMBEDDED PASSWORDS ARE NOT ALLOWED (CIERR
1450).
This feature is applicable to all JOB cards (the ":JOB" command strings)
regardless of the origin of the job. This includes jobs streamed from
disk files, tapes, from within a job, or from interactive terminal input,
including jobs generated by the interactive :JOB command. The default
for this feature is "OFF".