[Info-vax] SSH footprint
Bob Gezelter
gezelter at rlgsc.com
Mon Oct 26 17:01:48 EDT 2009
On Oct 26, 4:32 pm, Marc Van Dyck <marc.vand... at brutele.be> wrote:
> Marc Van Dyck submitted this idea :> mostly ok, but we have discovered a serious flaw : when a user logs
> > into an OpenVMS system using SSH (as we are all required to do, since
> > telnet is considered unsecure), the corresponding audit entry says that
> > the user SSH did a remote login, instead of displaying the real user.
>
> Do you believe it is worth asking HP to solve that problem ?
>
>
> Marc Van Dyck
Marc,
I may be old-fashioned, but I would definitely report it. There are at
least two reasons for this recommedation.
- It appears to be incorrect, and it will never get fixed if it is not
reported.
- A bug report and a case number are a good answer for the inevitable
auditor question: Why did you do this? In this case, the answer is: We
reported the bug, and implemented a workaround until the problem is
corrected.
- Bob Gezelter, http://www.rlgsc.com
More information about the Info-vax
mailing list