On Tue, 18 Mar 2008 10:53:44 -0500, David Eisenberg wrote: > >Yikes! > >Our programmers occasionally ZAP a load module in a test load library, which is >fine. When the time comes to promote the load module into a production load >library, however, I would like our change management package to prevent the >promotion of any load module which has been zapped. I'm prepared to do that >check programmatically via an exit, if I have a reasonable way of doing it. > Extract a secure checksum (e.g. SHA-1 from ICSF) when the load module is generated, and verify it when it is moved into the production load library. RACF protect the following:
o The data set in which the checksums are stored for the interim. o The data sets in which the load module resides while the checksums are generated, to close timing windows. Even simpler, keep the load module in a RACF-protected library mirroring to the test library, and move it to the production library from that secured library, not from the test library. You might still want to compare the test copy and the copy being promoted to guarantee that what was tested is being promoted. Ugly scenario: the programmer saves a copy; zaps the test library; tests; then restores the saved copy. Again, what gets promoted is not what got tested. Perhaps you need to secure and control the test library. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
