From Giovanni Perotti@21:1/5 to All on Sun Feb 2 13:55:50 2020
The best way to prevent, on your system, access to highly confidential data, is to remove them from the system when not needed.
You can easily do that by saving confidential files to some offline media and delete them from the system.
Trouble is that your files, though deleted from the system, may be still there in some unallocated DASD space and can still be accessed through special tools.
The only way you can really make them unreadable on your system is to overwrite them - before deletion - with some anonymous byte stream.
Writing a program that wipes out a given physical file is not a difficult job, unless it has unique key fields.
In such a case, your program must be able to replace key fields data with correctly ascending or descending values.
However, when you have multiple different highly sensitive physical files, you will have to write such a wiping program for each of them.
What about some utility that - after retrieving record format, key fields positions, data type and sequence of a given set of physical files - wipes them out in a single shot?