On Tuesday, 06/01/2010 at 11:42 EDT, David Boyes <dbo...@sinenomine.net> wrote: > Depends on the auditor. For some, it will. For others, it won't. YMMV.
Natch. One must always challenge a flawed finding. Likewise, one must accept the valid ones. Wisdom is knowing the difference. [With apologies to Dr. Niebuhr.] > > I say "somewhat" since I think that the 3270 datastream is ripe for the > > host to be able send an "enable/disable/query screen lock" to the > > emulator, independent of any OS-level locks, and potentially > > appropriate > > to the specific application. (Some apps access more sensitive data > > than > > others.) > > I don't remember -- is the state of the key lock reported? If so, you could > probably overload the screen lock state onto that 3270 state without having to > reengineer stuff. No, key lock is not reported, being a completely local phenomenon. I was thinking along the lines of the host causing the emulator to enable the workstation's (or its own) lock program just by sending a special order or structured field. When the user types a password, the data flows back to the host for validation. Kind of like an http challenge. Of course, VM's ability to disconnect the session from the virtual machine accomplishes the same thing, but it's rather heavy handed. Alan Altmark z/VM Development IBM Endicott
