No shop would really admit it... but is it really that rare to find users
with access to APF authorized libraries when they should not have this
access (at all, or any more...)?

I find it hard to believe that large shops with 20-25 years of legacy and
with thousands of users don't have at least one of the problems I mentioned.
And new shops that only started 5 years ago are usually so stressed to make
the project deadlines that they tend to ignore some "minor" security issues.

Of course, all the examples I gave are things I noticed from my position as
a system programmer, and seemed to me, as to Ed, like major breaches that
should be attended to ASAP. I have always presented these issues to my
superiors and never got the feeling they felt the same way as I did about
them.

Very few shops keep a security team that consists of highly experienced,
good system programmers who can actually detect and fix the sophisticated
problems. Because the sysprogs get sucked up in system work instead of
security work... especially if they are good.

My point is, what system programmers consider as "Mickey Mouse security"
might be regarded as fairly strict by other users / management.

Gil.
  On 6/20/05, Edward E. Jaffe <[EMAIL PROTECTED]> wrote:
 
> That proviso "... if the shop is not properly secured" is crucial. Your
> original post suggested that "anyone who has worked at the same shop for
> a long time [could learn to] become APF authorized". Now we're limiting
> the exposure to a shop with more or less "mickey mouse" security and
> sub-standard auditing of same. Big difference.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
