Rick Fochtman wrote:
[...]
> Roland, I PARTLY agree with you. But ANY tool that has the capability of compromising security or integrity MUST be strictly controlled.

Agreed. However, ADRDSSU with the ADMIN keyword disabled (which is the default) is not one of them.


> While some tools are "security aware" and will check via SAF before doing something stupid, far too many tools need to be controlled at the PROGRAM level.

Rick,
Can you list the tools which need to be controlled at the PROGRAM level?
I'm curious.


> A "happy medium" might be to develop in-house tools that
> allow certain "dangerous" tools to be used in a strictly
> controlled manner.
There is another risk: IBM tools are widely known and documented. In-house tools can have some "secret backdoors". Or at least you have to prove there are no such backdoors. It's virtually impossible without thorough code inspection.



Regarding AMASPZAP and Ed's mail:
The problem is not related to AMASPZAP. Completely! You mentioned that the sysprog *copied* it to another APF library (or even the same, under a new member name) - in this case PROGRAM protection no longer works! The security breach is an update to an APF library, not lack of PROGRAM protection. AMASPZAP is a powerful tool but all the functions are under SAF control.

--
Radoslaw Skorupka
Lodz, Poland

