On 14 July 2011 14:55, Tom Sims <[email protected]> wrote: > Yesterday we entertained a group of vendor representatives who presented > their assessment of our implementation of ACF2. Among their key findings > and recommendations was a high-criticality suggestion to remove the ACF2 > "alter SVC," which was characterized as a dangerous back door around access > control, the removal of which would substantially reduce our exposure to its > malicious use.
Oh my... Did they also suggest restricting use of AMASPZAP because it's a dangerous and powerful utility that allows (shock, horror) updating datasets? > I have been through the Installation, Auditor, Administrator, Systems > Programmer _and_ Best Practices manuals for our current release, as well as > the next, and I can find no indication that defining this SVC to the product > is in any way optional. Nor is there any documentation in the online vendor > bookshelves that either supports this assessment or details alternatives. If the ACF2 SVC allowed just anyone to run a program update the ACF2 database, there would be a problem. But pretty obviously it has access controls, just as the RACF SVC and callable services have access controls. If these advisors believe there is a problem, ask them to spell it out in detail, giving at least one scenario showing malicious use. Oh by the way, a number of vendor products would stop working if you managed to remove the SVC. To say nothing of the ACF command. Tony H. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
