No matter how much knowledge and money you have available, you can't be 100% secure (we still have APF). You can only secure known exposures as well as the technologie permits and reduce area's of risk. While z/OS can be extremely secure, you don't review IBM's code for exposures. How about vendor code? Do you upgrade products and know they did not introduce an exposure. Are the employee's 100% infallible and trustworthy.
Security is by nature obscurity. There is a saying that the solution to the problem only changes the problem. As others have said, this is a question about money, willingness and perseverance to find a hole. Userid's, passwords and securid are obscure (unlikely but possible to guess). Encryption is unlikely but possible to break given time and willpower (they say CIA can crack 256 byte keys). RACF protects datasets from some users but not others. APF libraries are limited and access restricted but some users must have access. Sysprogs get more access to system datasets when installing new releases and updates. We consider these to be secure but there are ways you can get at them with luck, persistence and willpower. Jon Perryman. >________________________________ > From: Scott Ford <scott_j_f...@yahoo.com> > > > >You can secure the environment one is responsible for with correct knowledge >and funding > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN