Rick Fochtman wrote:
[...]
> Roland, I PARTLY agree with you. But ANY tool that has the capability of
> compromising security or integrity MUST be strictly controlled.
Agreed. However, ADRDSSU with the ADMIN keyword disabled (which is the default)
is not one of them.
> While some tools are "security aware" and will check via SAF before doing
> something stupid, far too many tools need to be controlled at the
> PROGRAM level.
Rick,
Can you list the tools which need to be controlled at PROGRAM level?
I'm curious.
> A "happy medium" might be to develop inhouse tools that
> allow certain "dangerous" tools to be used in a strictly
> controlled manner.
There is another risk: IBM tools are widely known and documented.
Inhouse tools can have some "secret backdoors". Or at least you have to
prove there are no such backdoors. It's virtually impossible without
thorough code inspection.
Regarding AMASPZAP and Ed's mail:
The problem is not related to AMASPZAP. Completely! You mentioned that
the sysprog *copied* it to another APF library (or even the same, under a new
member name) - in this case PROGRAM protection no longer works! The
security breach is an update to an APF library, not lack of PROGRAM
protection. AMASPZAP is a powerful tool but all the functions are under
SAF control.
--
Radoslaw Skorupka
Lodz, Poland