All, I agree with Susan. The argument that you can get at the data anyway from the OS does not hold up as that is the nature of the environment. Users can mv, rm, cp files today. They can also use binary editors to 'fix' hashed files if they want to all, bypassing the traditional UV interface. To do this IBM would just have to add a .Type19 file to the directory, and modify the .Type1 - although why there is still a Type 1 file with its restrictions I do not know. The .Typex file would contain the header information which normally is in the header of the hashed file - where appropriate. Why we are at it, why restrict dictionaries to be hashed files - I cannot think of a reason why they have to be hashed - maybe someone from IBM can tell me.
Cheers, Phil Walker +64 21 336294 [EMAIL PROTECTED] Gnosys Consulting Limited 11 Woodward Road, Mount Albert, Auckland 1003, New Zealand DISCLAIMER: This electronic message together with any attachments is confidential. If you are not the intended recipient, do not copy, disclose or use the contents in any way. Please also advise us by return e-mail that you have received the message and then please destroy. Gnosys Consulting limited is not responsible for any changes made to this message and / or any attachments after sending by Gnosys Consulting limited. We use virus scanning software but exclude all liability for viruses or anything similar in this email or any attachment -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Joslyn Sent: Thursday, February 03, 2005 1:38 AM To: u2-users@listserver.u2ug.org Subject: RE: [U2] Unidebugger Chuck, Nope, forgot about that one. You're right, triggers cannot be used on "directory type" files. We did ask IBM for that at the U2UG meeting in Las Vegas last September. Their chief argument against them was that you can get to those "directory" files from outside U2 anyway. But I likened that argument to "let's leave the front door wide-open because the back one won't lock." If we had triggers for all file types then we could certainly put tracking on Unidebugger, couldn't we? And that's worth something even if we have still left those program directories exposed from UNIX. Because note this -- by NOT putting in those triggers we have NOT done anything about the fact that the files can be edited from outside U2. And that protection can be worked out another way -- or the weakness documented and other mechanisms used to validate. To me the most significant argument in its favor is the fact that we want to allow this on our development machines or accounts. The live directories can be locked up tight with UNIX permissions and writes only allowed by regular software deployment using a librarian login, etc. The fact that its wide-open on the development machines is not as big an issue if we control what gets to the live machine. Something is better than nothing -- and I'll say again what I've said at least a thousand times. SOX didn't come into being to protect against the kind of folk who can make UNIX edits using vi. If anyone knows of any case anywhere, where financial fraud has occurred this way - by a legitimate employee user (not a hacker, that's a whole different conversation) then I would love to hear about it. I'm not saying it should be discounted as a possibility, just that we shouldn't spend too much time on that -- its like focusing on a crack in the pavement while the bus is screaming down on us. I hope that IBM is listening -- and if anyone agrees with me that triggers are critical in today's IT, please put your two cents in. (For all file types, with an efficiency that makes them usable.) Just full of long stories, Susan Date: Tue, 1 Feb 2005 23:34:57 -0500 From: "Stevenson, Charles" <[EMAIL PROTECTED]> Subject: RE: [U2] Unidebugger From: Susan Joslyn > [snip] Gordon, I would think that you could address it with file > triggers... any reason why you can't? triggers wont work on type 19 files. Programs have to be type 19 files. Can PRC work around that one? cds ------- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/ ------- u2-users mailing list u2-users@listserver.u2ug.org To unsubscribe please visit http://listserver.u2ug.org/
