Borrowed snip from Mr. Fochtman.

-------------------------------<snip>-------------------------
We have an issue in one of our projects. The project is developed to see who is using the system using the shared mainframe id.

Scenario:

1. There are some users who log on to the mainframe using the shared id and common password and do some inquiry going to the CICS region. To see who is using the system in this way, we have developed a new screen where the shared users will be entering their individual id and individual password; only then will the system allow entry to the application in the CICS region.

Problem:

The problem here is, say, suppose user 1 using the shared id and common password logs in from terminal 1, and after some time, while this user is logged in, say a user 2 is logging in at terminal 2 using the shared id and common password; the other user will be automatically kicked out, but the online CICS region will still be active, and for the 2nd user the CICS region will not ask for their individual password and the new screen will not be thrown.

Here there is a security issue/flaw involved. We need to control this, and this loophole in the design has to be tackled. Could someone give us a suggestion on how to take this?
---------------------------<unsnip>-----------------------------

Raj,

Lots of people have told you this is a very, very bad idea, so I will not drone on this point (I do agree this is a very, very bad idea). This problem cannot easily be solved and probably should not be. You remove the problem with the removal of shared ids.

I am not sure why you do this (cost savings for limiting certain ids to specific resources, or your client does not have a clue), but the cost for when something goes wrong will be more than your client is "saving" with this method. So you should tell your client it is not a matter of if something goes wrong, just a matter of when something goes wrong.

With SOX your management will ultimately be responsible for any breach caused. If you are out of the US this may not apply to your client; not sure about Great Britain or Europe.

Fletch
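As an added illustration (not part of the thread and not code from either poster), the takeover described in Raj's scenario can be made visible from session records. The script below assumes a hypothetical, simplified event log, constructed here, with LOGON, INDIV_AUTH, TRAN, KICKED and LOGOFF records keyed by shared id and terminal. It flags two things: transactions run on a shared id from a terminal that never passed the individual-id screen in its current session, and logons that take over an already-open session of the same shared id on another terminal.

```python
"""Audit constructed session events for shared-id misuse.

Added example; the event layout (time, event, userid, terminal) is a
hypothetical simplification, not a real RACF/SMF or CICS record format.
"""

# Constructed sample: user 1 logs on with SHARED01, passes the individual-id
# screen, then user 2 logs on with the same shared id from another terminal.
# User 1 is kicked, and user 2 runs a transaction without ever being asked
# for an individual password (the flaw Raj describes).
SAMPLE_EVENTS = [
    ("09:00:00", "LOGON",      "SHARED01", "TERM0001"),
    ("09:00:05", "INDIV_AUTH", "SHARED01", "TERM0001"),
    ("09:01:00", "TRAN",       "SHARED01", "TERM0001"),
    ("09:10:00", "LOGON",      "SHARED01", "TERM0002"),
    ("09:10:00", "KICKED",     "SHARED01", "TERM0001"),
    ("09:10:02", "TRAN",       "SHARED01", "TERM0002"),
    ("09:30:00", "LOGON",      "SHARED02", "TERM0003"),
    ("09:30:03", "INDIV_AUTH", "SHARED02", "TERM0003"),
    ("09:31:00", "TRAN",       "SHARED02", "TERM0003"),
    ("09:40:00", "LOGOFF",     "SHARED02", "TERM0003"),
]

# Hypothetical list of ids known to be shared among several people.
SHARED_IDS = {"SHARED01", "SHARED02"}


def find_unauthenticated_use(events, shared_ids):
    """Return (time, userid, terminal) for each TRAN run on a shared id from a
    terminal whose current session has no INDIV_AUTH after its LOGON."""
    authed = {}  # (userid, terminal) -> True once the individual screen passed
    findings = []
    for time, ev, uid, term in events:
        if uid not in shared_ids:
            continue
        key = (uid, term)
        if ev == "LOGON":
            authed[key] = False          # new session, individual auth pending
        elif ev == "INDIV_AUTH":
            authed[key] = True
        elif ev in ("LOGOFF", "KICKED"):
            authed.pop(key, None)        # session gone; forget its state
        elif ev == "TRAN" and not authed.get(key, False):
            findings.append((time, uid, term))
    return findings


def find_takeovers(events, shared_ids):
    """Return (time, userid, old_terminal, new_terminal) for each LOGON of a
    shared id while that id already has an open session on another terminal."""
    open_terms = {}  # userid -> set of terminals with an open session
    findings = []
    for time, ev, uid, term in events:
        if uid not in shared_ids:
            continue
        terms = open_terms.setdefault(uid, set())
        if ev == "LOGON":
            for old in sorted(terms - {term}):
                findings.append((time, uid, old, term))
            terms.add(term)
        elif ev in ("LOGOFF", "KICKED"):
            terms.discard(term)
    return findings


if __name__ == "__main__":
    for t, uid, term in find_unauthenticated_use(SAMPLE_EVENTS, SHARED_IDS):
        print(f"{t} {uid} on {term}: transaction without individual authentication")
    for t, uid, old, new in find_takeovers(SAMPLE_EVENTS, SHARED_IDS):
        print(f"{t} {uid}: logon from {new} took over open session on {old}")
```

Both checks are ordering-sensitive: the takeover is caught because the LOGON from TERM0002 is processed before the KICKED record for TERM0001, which matches the thread's description of the second logon forcing the first user off. Run against real records this would only be an after-the-fact audit; it does not close the gap, and Fletch's point stands that removing the shared id is the fix.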

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html