Chuck, Nope, forgot about that one. You're right, triggers cannot be used on "directory type" files. We did ask IBM for that at the U2UG meeting in Las Vegas last September.
Their chief argument against them was that you can get to those "directory" files from outside U2 anyway. But I likened that argument to "let's leave the front door wide-open because the back one won't lock." If we had triggers for all file types then we could certainly put tracking on Unidebugger, couldn't we? And that's worth something even if we have still left those program directories exposed from UNIX. Because note this -- by NOT putting in those triggers we have NOT done anything about the fact that the files can be edited from outside U2. And that protection can be worked out another way -- or the weakness documented and other mechanisms used to validate. To me the most significant argument in its favor is the fact that we want to allow this on our development machines or accounts. The live directories can be locked up tight with UNIX permissions and writes only allowed by regular software deployment using a librarian login, etc. The fact that its wide-open on the development machines is not as big an issue if we control what gets to the live machine. Something is better than nothing -- and I'll say again what I've said at least a thousand times. SOX didn't come into being to protect against the kind of folk who can make UNIX edits using vi. If anyone knows of any case anywhere, where financial fraud has occurred this way - by a legitimate employee user (not a hacker, that's a whole different conversation) then I would love to hear about it. I'm not saying it should be discounted as a possibility, just that we shouldn't spend too much time on that -- its like focusing on a crack in the pavement while the bus is screaming down on us. I hope that IBM is listening -- and if anyone agrees with me that triggers are critical in today's IT, please put your two cents in. (For all file types, with an efficiency that makes them usable.) Just full of long stories, Susan Date: Tue, 1 Feb 2005 23:34:57 -0500 From: "Stevenson, Charles" <[EMAIL PROTECTED]> Subject: RE: [U2] Unidebugger From: Susan Joslyn > [snip] Gordon, I would think that you could address it with file > triggers... any reason why you can't? triggers wont work on type 19 files. Programs have to be type 19 files. Can PRC work around that one? cds ------- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/