On Wed, 23 Sep 2009 10:40:33 -0400 P S <[email protected]> wrote: :>On Wed, Sep 23, 2009 at 10:27 AM, Binyamin Dissen :><[email protected]> wrote: :>> On Wed, 23 Sep 2009 07:27:56 -0500 Robert Birdsall <[email protected]> wrote:
:>> :>Having said that, I don't believe it is a large risk. Something like PARMX, which :>> :>can be explicitly stated to ONLY work for programs that support it (I'm talking :>> :>about documentation, not code) puts the responsibility for abending (or :>> :>worse) programs on the shoulders of the users who improperly use it. > :>> Unless it is given to an APF program which then overlays key0 storage. :>But that's true of any program, any interface. By that rationale, APF :>programs shouldn't exist, or shouldn't be allowed to do anything, or :>something... You are missing the point. The APF program was written to the spec that the parameter will never be more than 100 characters, and it was enforced by JCL. You are changing the rules allowing an end user to supply a longer parameter which may cause overlays - without requiring a code change to the APF program, i.e., giving an end user the ability to crash or subvert the system. -- Binyamin Dissen <[email protected]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
