On Thu, 22 May 2008 14:23:53 -0500, Eric Bielefeld wrote: >I still don't see how anyone can hack a userid and password and log on to a RACF protected system. If you have security set up correctly, you only get 3 tries or so, and then the ID is revoked. If you have been successful in obtaining and cracking the RACF database (or a database copy) then you will only need 1 try -- it ought to be successful. There is no easy way to counter such a "one and done" approach - unless you either improve your database's physical security (don't let it get into the wrong hands) or also require the cracker to physically possess something presumably uniquely identifiable. (Like a physical key but usually electronic.) It isn't so much that good guys are getting harder to find as it is that bad guys are getting a little bit sneakier. -- Tom Schmidt
---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
