On Tue, 6 Oct 2009 15:41:10 -0500, Rick Fochtman wrote: >>> >>??? Testers didn't have SURROGAT (I assume they weren't Production >>Support, and didn't have access to automation), and they didn't >>know the production password? How were they bypassing? >> >-------------------------------<unsnip>---------------------------------- >Until the RACF amd JES2 controls were available, they would use IEBGENER >to submit a PDS member to INTRDR. We stopped most of that by changing >the PROD id's password and not letting it be known. We also used a TSO > "Most"? I would expect "all". Do you mean that the password was leaked to some unauthorized persons?
>SUBMIT exit to parse the JOB statement on any SUBMIT'ed JOB statement, >removing the USER and PASSWORD operands (among others) and cutting an > Isn't there a JES or INTRDR exit (discussed here long ago) that should be preferred to the SUBMIT exit because it traps all jobs, not just those SUBmitted by TSO. (Nowadays FTP "QUOTE SITE FILE=JES" provides another bypass.) >SMF record for violations. After a few reprimands to persistant >violators, we managed to convince people that our standards were NOT >just "window dressing" and the majority of the problem went away. One >person was able to "hack" his way past all our standards, etc. by using >a 3rd party SVC; he was terminated when we finally got tired of >listening to his "excuses" and dealing with the problems he caused. The > Career death wish? >owner of the SVC was informed of how it was being abused and has >installed safeguards to prevent recurrance. They have also supplied the >SVC code in source form to allow us to "critique" their fix. Thank you, >CA/IDMS Tech Support. Your action was timely, effective and efficient. >(Big bouquet of roses) Vastly different from the various responses of >your "Marketting Team". :-) > Good for them. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
