> If you could smell the gases, it meant your oxygen mask was not on
> properly and you would be well advised to deal with it quickly.
> 
>   This smells the same to me.  If someone can convince a "privileged"
> product into giving them information they cannot get on their own, then
> there is a security hole that requires prompt attention.  Depending on
> hiding DSNs to prevent a user from exploiting the weakness just doesn't
> seem like a good plan.

Basically I agree. The issue is largely theoretical on z/OS because of
the rich security infrastructure that already exists there. That said, I
should also point out that security is a multilayered thing. 

It would be folly to depend on information hiding as the only security
strategy, especially as the feature has only lately been grafted on and
is (ahem) less than bulletproof. But at the same time, adding another
layer of Kevlar to the vest may look like a fine idea if you're the one
wearing it.

Let's also not forget that security only works when both security and
integrity rules are protected by privileged programs and enforced by the
installation. It only takes one badly designed home-grown or
vendor-written product to defeat all of those measures.

CC

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
