------------------------------------------<snip>-------------------------------------
Anyone running a program called EDVPARM? A consultant is trying to
convince us to install this program to an authorized library with AC(1).
Looking at the source concerns me. It appears that you can pass it a
program name and parameter list and the program will ATTACHX it. This
seems like a big hole to me. What if you pass it IRXJCL for example? Or?
----------------------------------------<unsnip>------------------------------------
I would have a VERY SERIOUS PROBLEM (Capitalized, quotated, underlined,
in italics, in the middle of a blank page!) with installing a program of
that nature. If your consultant requires the use of an authorized
program, other than what the system provides, he/she needs to justify
it, explain it and allow you to examine the source code so you can be
sure he's telling you God's honest truth. Otherwise, he might very well
compromise your system's integrity, corporate records, overall security,
etc.
At this point, I'd be thinking really hard about whether his services
are necessary and/or appropriate. He may be completely honest, but with
a program like this floating around, I'd be really concerned. This
consultant needs to prove to me that his motives are completely harmless
AND that he's not going to share this program with those who might
misuse it.
Can we say "HUMUNGOUSLY BIG RED FLAG" ???
--
Rick
--
Remember that if you’re not the lead dog, the view never changes.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
