Tony, What is often quoted by the auditors is that IND$FILE will transfer data but is essentially unaudited. Thus it is treated as a potential security exposure for data leakage.
While a program control RACF check can be used it will only log the use of the IND$FILE program, rather than recording or checking on the name of the dataset which is transferred. (Even if RACF program protection is used IND£FILE can often be executed from another library or under another name to bypass those program controls. After all it does not require APF authorisation). So those of us working in security would like a "more controllable" or at least a "more auditable" replacement for IND$FILE. Does your code produce any SMF records? Does it have any security controls? Does it run APF authorised? Lennie Lennie Dymoke-Bradshaw https://rsclweb.com ‘Dance like no one is watching. Encrypt like everyone is.’ -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Tony Tancredi Sent: 09 March 2023 12:42 To: [email protected] Subject: Re: Looking for Beta Clients Hi Michael, >From OS390 to wherever the Windows PC client is running. I do understand that >FTP, TSO XMIT, and other technologies exist. What I'm trying to replace is the >IND$FILE transfers most terminal emulator users are using. If you visit my >website, you will see we are developing another product, RheoWorx, which will >perform automated workflows where data can be transferred and managed between >any nodes within the workflow, including multiple mainframes. Thanks, Tony ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
