On Tue, 15 Dec 2009 15:07:13 -0600, Kline, Martin wrote:
>Steve wrote: >>Assume that the real file name is 44 characters long and that is the way >>it is held in the VTOC. >> >>Now, let's assume that you do not have permission to that file. BUT, you >>know that if you build a "long name" that uses your userid as the HLQ >>and prepend that to the DSN, you will cause SAF to be passed the LONG >>name, not the real name, and this will allow you, via volume specific >>allocation, to now read that data (or write to the file). > >I'm glad you pointed that out, but I'm not sure why there's an >assumption that this is the only possible implementation. Of course >security is a consideration. How it could be managed is entirely open. As Gil pointed out and Walt confirmed, a data set alias is _not_ used for security checking. Steve's speculation is simply incorrect. -- Tom Marchant ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
