In <[email protected]>,
on 12/22/2010
at 01:47 PM, Lindy Mayfield <[email protected]> said:
>If I use an SVC, is this true? If the SVC does something or returns
>some information that needs to be protected, then I need to use RACF
>to decide who can call it or who cannot? And everyone said not to
>use a magic SVC, and I get that. But if that SVC is also protected
>by RACF, is it at all a viable solution?
An SVC that checks SAF and performs a narrowly delimited function if
authorized is fine. An SVC that turns on JSCBAUTH is an invitation to
disaster.
There is a mechanism for switching an address space between authorized
and unauthorized use, but the people with enough experience to use it
safely already know about it.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
