----------------------<snip>-----------------------
I'm now wondering if this is an urban myth. At the GSE LSWG meeting last
Tuesday Ray Evans the IBM UK Penetration Testing Manager claimed several
times to be able to recover passwords from a copy of the RACF database.
I have a recording of the presentation. I hope this doesn't get him into
trouble as it was a very good presentation.
Look after your RACF D/B - security begins at home.
---------------------<unsnip>----------------------
I'd sure like to see his mechanism. Security is one of my "hot buttons",
having been a RACF administrator for many years. My RACF database files
were also RACF protected. When I was asked for an unloaded copy, I had a
special little program, using UPDAT I/O, that set all password fields
toX'00" values so nobody could even try to decypher passwords. At least,
not with any hope of success.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
