On Wed, 23 Sep 2009 11:59:26 -0400 "Thompson, Steve" <[email protected]> wrote:
:>Might I suggest that you are being a bit myopic? Or perhaps suffering :>from tunnel vision? Not at all. Concerned about compatibility. :>APF programs are to be written to a higher standard. Granted. But what if they were not, and coded to not expect a parm more than 100 characters as documented by the API? :>From what you have written, you believe that if someone passes an APF :>program you have written, an invalid parm, that program should accept :>that as gospel and go clobber some part of the address space (say the :>JSCB, or change the ASCBSENV, etc.) and give the caller authorities they :>should not have, right? Not an invalid PARM, an invalidly structured PARM that by definition cannot be passed. When a service (SVC, PC) is invoked by a non-trusted caller it must validate the parameters. But when invoked by a trusted caller it does not have that requirement. -- Binyamin Dissen <[email protected]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
