Paul Gilmartin wrote:
[...]
Good, however belated. READPW (if I guess its meaning as an extract
function) should never have existed.
o No secure system should _ever_ disclose a password to someone not
authorized to access the object it protects.
o Anyone not knowing the password is presumed not to be so authorized.
"I forgot" is no excuse.
Paul,
Your assumption is wrong. READPW means password which allows to READ
VSAM cluster. (*)
Your point about passwords is good, but design of VSAM password was
wrong. It was required by design to share passwords. Everybody who
needed to open cluster needed the same password for that. It's like one,
share key to the door lock. Similar security is/was used by Microsoft in
Windows for Workgroups and 9x.
(*) Note: VSAM is older than RACF.
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
