> -----Original Message----- > From: IBM Mainframe Assembler List > [mailto:[email protected]] On Behalf Of Shane G > Sent: 25 February 2012 03:41 > To: [email protected] > Subject: Re: Program FLIH > > > And (given the discussion so far) you feel no qualms about > handing the keys > of the realm to any and all persons of unknown (programming) > quality/probity ?. >
Whilst it seems like a long time ago, its probably only 22 years ago, I supported an X.25 communications package for VM. This was used by 10 or so Universities in the UK. They would happily install it with the privileges required to read real store, so it could basically do anything. However whenever I wanted to see the system console output which was sometimes useful for debugging problems they were always coy. They also obviously hadn't realized what they had done, because when I pointed out that had I been malicious the code they had just installed could not only capture the console output, it could send it back to my mainframe they looked somewhat aghast! Dave (P.S. The code included an FTP server that handled all FTP requests. It got embarrassing if it was killed for guessing on passwords, so it used to locate its bad password count in its control blocks and reset it to zero when a file access failed.) > I have harped on about this for years elsewhere, and keep > getting beaten down > as "unjustified" (that was the politest synonym I could come up with). > > Shane ... > > On Sat, Feb 25th, 2012 at 4:54 AM, "Gibney, Dave" wrote: > > > ... > > When any of the vendors I named instruct me so, I dutifully > APF their > > libraries and they often reside in the linklist which we at > least do set > > AFP via IEASYSxx. >
