Hello,

Thank you for the interesting discussion. I would like to address some of
the various points made.

- Why? We want to "trap" calls to certain 3rd party products and log these.
This is a standard auditing requirement and is not illegal. The use of this
information must of course be closely controlled to avoid any misuse. No one
worries about auditing in, for example, RACF. This is not an ethical problem
but is now determined in part by legal requirements such as SOX.

- It is correct that a 100% safe solution does not exist. Any restriction can
be circumnavigated with some criminal energy and enough technical knowledge.
This applies to any security measure.

- The possible approaches discussed all have one negative aspect - they can
require changes to load modules, JCL, scripts, program calls, etc. The
problem is that the source of the calls is not always known. Furthermore,
such changes can be a maintenance overhead (e.g. after applying updates). A
simple rename would in part solve the problem, but is too easy to get around.

- My solution was, as a result, the hope that it would be possible to
dynamically trap calls to certain programs without any changes to other
components. If required via a subsystem or ???? IMHO I think this is the
cleanest architectural way to solve the problem. Unfortunately the technical
solution does not seem to be that straightforward - shame!

I am wondering how products like Softaudit and PDSMan solved the problem?

Regards
Jon Renton
