On Mon, 18 May 2015 09:35:17 -0500, Elardus Engelbrecht 
<[email protected]> wrote:

>I don't need help with writing. I am asking whether it is a good thing or not 
>to protect individual DFSORT and ICETOOL 
>commands/keywords just like you do it with DFDSS ADMINISTRATOR keyword for 
>example.
>
>From all the online and off-list comments I see and agree: It is a bad idea. 
>Just protect the data (input+output) and be finished. I will 
>tell my auditors it is not a good idea to try to protect tools and 
>commands+keywords.

The key point is that the DFDSS enforces security, and the ADMINISTRATOR 
keyword usage must be controlled, because its purpose is to bypass certain 
other security checks. 

There is no security processing in DFSORT, and therefore there is no reason to 
protect any of its processing. Anyone who can read a file can always produce a 
modified copy of it, whether that's by using DFSORT, IEBGENER, a homegrown 
COBOL application, or even a simple REXX exec or CLIST.

-- 
Walt

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
