Sam,
I share your concerns but as an individual that has worked for several
system software ISVs I can tell you that CA is definitely not alone. It
would take no more than 10 minutes to write and test a short program
that would authorize any piece of code you wanted, in most shops,
without having access to anything else but a regular TSO session.
This is not IBM's fault as it has provided all the facilities to lock
down a system. It is the ISVs that leave all the duplicate keys laying
around. CA is nothing special by any means. Plus, whenever IBM acquires
another performance monitoring company it leaves some keys for you, too.
(if you know what I mean and if those things are not fixed).
Thus, relax, there probably isn't a single secure commercial system out
there.
/re
Knutson, Sam wrote:
Hi,
UNICENTER CA-TSO/MON VERSION 6.2.0 the very latest issue from CA still uses
user key common storage.
It is worth noting it appears you can avoid this if you do not install or
run the T/M ONLINE feature of the product.
After three months of research CA finally produced this response. Other CA
product groups have had similar issues with the scope of the change to
eliminate user key common storage use but have committed quickly to a
specific future release with this as a line item.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
