Chuck, here at Centerfield we were toying with the idea of adding that
feature to one of our products.  I don't recall how high in the development
priority list it got though.  I could get you in touch with some people here
and perhaps you can escalate it enough so it gets done.
Let me know if you're interested.
Elvis

-----Original Message-----
Subject: [Security400] SQL and IT Controls

Group:
 
We are attempting to wrestle with a final Sarbanes Oxley issue relating to
SQL, specifically using STRSQL via the command line.  While STRSQL is
restricted to those who have a business need to use it, our problem relates
to the potential for data manipulation and changes that are not logged.  Our
development staff can use it (but not update production data) but our
security officers can of course use it, AND update production data.  It is
NOT practical for us to journal all of our production data libraries.  While
I do have STRSQL command usage logged via the OS/400 audit journal, (we know
who uses it and when) it does not provide the log of activity within the
STRSQL session.
 
Are there any tools on the market that can log the activity within the
STRSQL session?   Any feedback you can provide would be GREATLY appreciated!
 
Chuck Bower
VP of IS
Coachmen Technology Services, Inc.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.