Monday, September 24, 2012

Security was a less-noticed but major issue in the old mainframe world


I was trying to recall today how we used to do mainframe elevations back in the 1980s at Chilton Credit Reporting in Dallas (now Experian). We had Roscoe but not TSO-ISPF; we had sophisticated RPFs.
I think when we did an elevation, the programmer submitted only the source, copycode, and link decks.  Another area recreated the production load modules.  This would guarantee integrity.

At USLICO and then ReliaStar, the programmer moved the load modules, too. We had TSO-ISPF but got Roscoe later. We had used Panvalet, but in 1990 we got CA-Librarian (like Endevor). The programmer was supposed to “process” (that is, lock) the source before moves to guarantee integrity, but this did not start getting enforced until late 1991. Change-Man, used by ReliaStar, automatically forced this kind of integrity.

This sort of issue becomes part of the back story of my novel, where a mysterious mainframe computer hack had occurred fifteen years earlier, as part of the back story of one of the characters coming together to solve an existential mystery. 

Security was a risk in the mainframe world, long before there was widespread use of the public Internet. Tape label processing was considered an important security issue. In fact, in the 1970s, Sperry-Univac’s 1108-1110 system backup utility was called “@Secure”.

By the late 1980s, it had become common to block normal update access to production files by programmers.  Some programmers found this inconvenient, and even argued that programmers should be bonded. 
