BACKDOOR to OW Functionality in Xe

anonxe

Member
* jde.ini codes needed to run applications replaced by OMW.
*
* [OMW]
* PH9001_WORKFLOW_TRANSFER=U (Object Code = 1)
* P9864A_ACTIVERA_TRANSFER=S (Object Code = 2)
* P9860_OBJECT_LIBRARIAN=E (Object Code = 3)
* P9864_RECORD_COPY=O (Object Code = 4)
* P98603_PROMOTION_MANAGER=M (Object Code = 5)
* R9830512_UBE_VERSION_COPY=W (Object Code = 6)

--------------------------------------------The MAD XeHAKKER
 
AW: BACKDOOR to OW Functionality in Xe

Good work, but be careful. You don't have any control of your objects. When
you checked out an object, it is not registered in the OMW. You can't find
it there. So its better to use the OMW to have the complete control of your
objects.

kind regards

Bernd



-----Ursprungliche Nachricht-----
Von: anonxe [mailto:[email protected]]
Gesendet: Dienstag, 6. Februar 2001 23:13
An: [email protected]
Betreff: BACKDOOR to OW Functionality in Xe ~~0:5165




* jde.ini codes needed to run applications replaced by OMW.
*
* [OMW]
* PH9001_WORKFLOW_TRANSFER=U (Object Code = 1)
* P9864A_ACTIVERA_TRANSFER=S (Object Code = 2)
* P9860_OBJECT_LIBRARIAN=E (Object Code = 3)
* P9864_RECORD_COPY=O (Object Code = 4)
* P98603_PROMOTION_MANAGER=M (Object Code = 5)
* R9830512_UBE_VERSION_COPY=W (Object Code = 6)

--------------------------------------------The MAD XeHAKKER


--------------------------
Visit the forum to view this thread at:
http://198.144.193.139/cgi-bin/wwwthreads/showflat.pl?Cat=&Board=OW&Number=5
165
*************************************************************
This is the JDEList One World / XE Mailing List.
Archives and information on how to SUBSCRIBE, and
UNSUBSCRIBE can be found at http://www.JDELIST.com
*************************************************************
 
I have made some mods on P9860 Object Librarian with FDA making possible to run it under XE.
The only purpose to use P9860 for me is to search, look for and locate objects much more effectivly, mainly for BSFNs.
I use P9860 only in "read-only" mode and do all object management under OMW.
Zoltán

B7332 SP11, ESU 4116422, Intel NT4, SQL 7 SP1
(working with B7321, B7331, XE too)
 
This is pretty dangerous stuff. Bypassing the tokens can cause major issues in Xe. I can understand usefullness of this with CNC Administrators - but you definately should secure the apps with OneWorld security as well.

A little foolhardy to enter this information in such a public arena methinks

Jon

ERP Sourcing
http://www.erpsourcing.com
[email protected]
 
How risky is an anonymous post? Three cheers for Foolhardy anonymous
posters. Where would we be without them? Probably at the mercy of
foolhardy consultants I suppose.

I presume JDE would put this into the category of "undocumented features".
Kind of like TAMMenus=SHOW.


----- Original Message -----
From: "altquark" <[email protected]>
To: <[email protected]>
Sent: Wednesday, February 07, 2001 9:46 AM
Subject: Re: BACKDOOR to OW Functionality in Xe ~~5165:5195


> This is pretty dangerous stuff. Bypassing the tokens can cause major
issues in Xe. I can understand usefullness of this with CNC
Administrators - but you definately should secure the apps with OneWorld
security as well.
>
> A little foolhardy to enter this information in such a public arena
methinks
>
> Jon
>
> ERP Sourcing
> http://www.erpsourcing.com
> [email protected]
> --------------------------
> Visit the forum to view this thread at:
>
http://198.144.193.139/cgi-bin/wwwthreads/showflat.pl?Cat=&Board=OW&Number=5
195
> *************************************************************
> This is the JDEList One World / XE Mailing List.
> Archives and information on how to SUBSCRIBE, and
> UNSUBSCRIBE can be found at http://www.JDELIST.com
> *************************************************************
>
>



JD Nowell
OW: B7332
ES: AS400 V4R4 CO: DB2/400 SP: 11.2
Users: 250 TSE Users: 100
 
so - you think all undocumented features should be a tightly kept secret between consultants so customers will always depend on them?

DeRay Scholz
The Upper Deck Company
 
security by obscurity is not security.

Place your system configuration information in your signature!
 
AW: BACKDOOR to OW Functionality in Xe

in my opinion it is fair enough to publish undocumented features. Whether
the receiver of the information can deal with it that is another story. I
assume that all that swear to be a CNC-administrator or consultant are able
to deal with this information, or am I wrong? Knowhow protection does not
help to promote the minds. I would welcome a list of all undocumented
features. Some of them I know are very useful and helpful, at least.

Cheers
Roland.

-----Ursprüngliche Nachricht-----
Von: [email protected] [mailto:eek:[email protected]]Im
Auftrag von altquark
Gesendet: Mittwoch, 7. Februar 2001 23:25
An: [email protected]
Betreff: Re: BACKDOOR to OW Functionality in Xe ~~5165:5235


so - you agree that all undocumented features be published and available to
users ? I'm not sure about that. I think this is pretty dangerous.

Jon Steel

ERP Sourcing
http://www.erpsourcing.com
[email protected]
--------------------------
Visit the forum to view this thread at:
http://198.144.193.139/cgi-bin/wwwthreads/showflat.pl?Cat=&Board=OW&Number=5
235
*************************************************************
This is the JDEList One World / XE Mailing List.
Archives and information on how to SUBSCRIBE, and
UNSUBSCRIBE can be found at http://www.JDELIST.com
*************************************************************
 
Based on some of the questions on this list from 'Consultants', I would have
to question them having this knowledge as much or more so than a user.
However, this is not supposed to be a censored list. Why are we even
talking about this?

Bill Williams


>
 
Also, be careful with these JDE.ini setting. OMW check the date objects were
checked-in. So if an object in PY has a newer date than DV, OMW will not
transfer that object. But the project will advance. So what you get is
objects not in sync.

I agree with Jon, these settings should not known to everyone. If people
start using these setting incorrectly, they might be cause more harm than
good. Also if JD Edwards find out people are using these setting, they
might remove them in future Service Packs. these setting saved my butt
once. I was able to easily transfer an object from Pristine to Dev without
having to set up active rules.

ADRIAN VALENTIM




Valmatrix Consulting Inc.
 
Re: RE: BACKDOOR to OW Functionality in Xe

God giveth and McVaney taketh away.

Chad Anderson
Generac Portable Products L.L.C.
B733.1 SP 7.1 AS400 Ent NT SQL Deploy
 
Sorry you said these settings saved my butt once but should not be known to
everyone one?

Instead of removing them from future releases why dont they make them
readily available and provide us with documentation etc so they can be used
properly.

Cheers
Kieran




Also, be careful with these JDE.ini setting. OMW check the date objects
were
checked-in. So if an object in PY has a newer date than DV, OMW will not
transfer that object. But the project will advance. So what you get is
objects not in sync.

I agree with Jon, these settings should not known to everyone. If people
start using these setting incorrectly, they might be cause more harm than
good. Also if JD Edwards find out people are using these setting, they
might remove them in future Service Packs. these setting saved my butt
once. I was able to easily transfer an object from Pristine to Dev without
having to set up active rules.

ADRIAN VALENTIM




Valmatrix Consulting Inc.
--------------------------
To view this thread, visit the JDEList forum at:
http://198.144.193.139/cgi-bin/wwwthreads/showflat.pl?Cat=0&Board=OW&Number=5287

*************************************************************
This is the JDEList One World / XE Mailing List.
Archives and information on how to SUBSCRIBE, and
UNSUBSCRIBE can be found at http://www.JDELIST.com
*************************************************************
 
Re: RE: BACKDOOR to OW Functionality in Xe

True

Freedom of the press and all

However, there is also ignorance in bliss. The fact is that users are unaware of certain functions because JDE took away their little "toys" - remember, OMW is there to ensure that certain rules are being followed in the most crucial section of OneWorld - the toolset. Suddenly someone publishes the .INI settings. Developers start to implement the .INI settings - objects are being transferred outside of OMW - package builds start to fail - JDE won't support the Admin staff because some developer thought the .INI settings were fine......you can start to see the situation snowballing....

Remember - not all CNC Administrators monitor the list - and so not every implementation of OneWorld have these programs secured down.

However - I agree I was a little heavy handed in using the term "foolhardy" - sorry to Mad Hakker in that respect (whoever Mad Hakker is) - I use a similar system to ensure that my customers networks are secure in CERT - vulnerabilities are openly published with Operating Systems - with corresponding fixes appearing VERY quickly from the vendors. Maybe we should post more vulnerabilities in a similar vein - hoping that JDE will pay attention ? Maybe a "Vulnerabilities" forum should be created Eric ?

Jon Steel

(JOKE !)

ERP Sourcing
http://www.erpsourcing.com
[email protected]
 
Re[3]: BACKDOOR to OW Functionality in Xe

Does OMW stand for Object Management Workbench? This is a new term
to come up since Xe was released.


______________________________ Reply Separator _________________________________
Subject: Re: RE: BACKDOOR to OW Functionality in Xe ~~5165:5318
Author: [email protected] at INTERNET
Date: 2/8/01 5:18 PM


True

Freedom of the press and all

However, there is also ignorance in bliss. The fact is that users are unaware o
f certain functions because JDE took away their little "toys" - remember, OMW is
there to ensure that certain rules are being followed in the most crucial secti
on of OneWorl
d - the toolset. Suddenly someone publishes the .INI settings. Developers star
t to implement the .INI settings - objects are being transferred outside of OMW
- package builds start to fail - JDE won't support the Admin staff because some
developer tho
ught the .INI settings were fine......you can start to see the situation snowbal
ling....

Remember - not all CNC Administrators monitor the list - and so not every implem
entation of OneWorld have these programs secured down.

However - I agree I was a little heavy handed in using the term "foolhardy" - so
rry to Mad Hakker in that respect (whoever Mad Hakker is) - I use a similar syst
em to ensure that my customers networks are secure in CERT - vulnerabilities are
openly publi
shed with Operating Systems - with corresponding fixes appearing VERY quickly fr
om the vendors. Maybe we should post more vulnerabilities in a similar vein - h
oping that JDE will pay attention ? Maybe a "Vulnerabilities" forum should be c
reated Eric ?


Jon Steel

(JOKE !)

ERP Sourcing
http://www.erpsourcing.com
[email protected]
--------------------------
Visit the forum to view this thread at:
http://198.144.193.139/cgi-bin/wwwthreads/showflat.pl?Cat=&Board=OW&Number=5318

*************************************************************
This is the JDEList One World / XE Mailing List.
Archives and information on how to SUBSCRIBE, and
UNSUBSCRIBE can be found at http://www.JDELIST.com
*************************************************************
 
Re: AW: BACKDOOR to OW Functionality in Xe

Here is a really harmless but useful jde.ini setting:

[EVEREST]
ShowAlias=1

With this setting if you right click on any control of a form then you will see the alias of it in the middle of the popped up window.

Maybe many of us already well know this settings but hope that could be useful for the others.

Zoltán
P.S.: it is not really undocumented feature (lke TAMMenus=Show isn't also) but you have to have a great fortune to find them in the documentations.

B7332 SP11, ESU 4116422, Intel NT4, SQL 7 SP1
(working with B7321, B7331, XE too)
 
Re: Re[3]: BACKDOOR to OW Functionality in Xe

Kevin & List,
You are right, OMW is an abbreviation of Object Management Workbench.
By MHO is that isn't really ethical to publish dangerous possibilities (like how to use OL under XE) when we do not describe the remedy for it in the same time.

I think, the best way for CNC and/or Security administrators is to secure all obsolate applications to prevent to use them via a jde.ini modification and allow it only for enough educated and responsible peoples who can use it with responsibility and safe way.
Zoltán

B7332 SP11, ESU 4116422, Intel NT4, SQL 7 SP1
(working with B7321, B7331, XE too)
 
AnonXE (aka MAD XeHAKKER): DOES ANYONE KNOW IF THIS FUNCTIONALITY HAS BEEN DISABLED AT SP14.2? I CAN'T GET IT TO WORK ANYMORE. PLEASE ADVISE.



* jde.ini codes needed to run applications replaced by OMW.
*
* [OMW]
* PH9001_WORKFLOW_TRANSFER=U (Object Code = 1)
* P9864A_ACTIVERA_TRANSFER=S (Object Code = 2)
* P9860_OBJECT_LIBRARIAN=E (Object Code = 3)
* P9864_RECORD_COPY=O (Object Code = 4)
* P98603_PROMOTION_MANAGER=M (Object Code = 5)
* R9830512_UBE_VERSION_COPY=W (Object Code = 6)

--------------------------------------------The MAD XeHAKKER



JD Nowell
OW: B7332
ES: AS400 V4R4 CO: DB2/400 SP: 11.2
Users: 250 TSE Users: 100
 
Hi Oneworld_101,

I have exactly changed NOTHING in the jde.ini.
I have written:
======================================================================
I have made some mods on P9860 Object Librarian with FDA making possible to run it under XE.
======================================================================
If you open P9860 with BrowsER then you will easy find out where and which lines to disable :) I suppose this could work for Object Tranfer too. I wouldn't really like to share what I have exactly done.

I DO NOT RECOMMEND TO USE THESE OBSOLETE(?) APLICATIONS UNDER XE JUST ONLY FOR "READ ONLY" ACTIONS!

Zoltán

B7332 SP11, ESU 4116422, Intel NT4, SQL 7 SP1
(working with B7321, B7331, XE too)
 
Back
Top