On Thu, 21 Jun 2007 12:55:58 -0400, Barkow, Eileen <[EMAIL PROTECTED]>
wrote:
>
>And just why is it a security breach to allow someone to look at a
>dataset they cannot update?

Please give me read access to the data set that has your SS# and
credit card information.   I promise not to update it.  


On Thu, 21 Jun 2007 13:32:36 -0400, Farley, Peter x23353
<[EMAIL PROTECTED]> wrote:


>Again, why?  What possible security exposure could result from application
>programmers browsing PARMLIB?  AFAIK there aren't any passwords or any
>"secrets" stored there that would give any programmer the ability to bypass
>RACF or any other active security protocol.  If that's true, why UACC(NONE)?
>Even if (to take an old and probably obsolete example) there are user SVC
>numbers listed in PARMLIB which when used would provide supervisor state and
>key zero, RACF and/or other active security in the SVC code itself should
>already prevent said programmer from actually using that SVC unless
>authorized to do so, so where is the harm in letting the SVC number be
>known?


Because it is an additional layer of security.  Some of the information in
there could help lead someone to a security circumvention.  Yes, it is
security by ignorance - but there is nothing wrong with that in addition
to other controls. 

Why revoke a userid after "n" number of wrong password attempts?  Why
are there firewalls? Why require VPN to access your systems over the
internet when there are other authentications once you get there?

If it was your company and your ay ess ess on the line, you might think
differently.   

Mark
--
Mark Zelden
Sr. Software and Systems Architect - z/OS Team Lead
Zurich North America / Farmers Insurance Group:  G-ITO
mailto:[EMAIL PROTECTED]
z/OS and OS390 expert at http://searchDataCenter.com/ateExperts/
Systems Programming expert at http://expertanswercenter.techtarget.com/
Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
