On 19 July 2011 20:59, Starr, Alan <[email protected]> wrote:
> The subject of an APF-authorized program invoking a program that runs > non-APF-authorized has been discussed many times here. The admonishment not > to turn JSCBAUTH on, after having turned it off, has been repeated many times. I think the advice is given and repeated, not because it's an inherently insecure thing to do, but because getting the details exactly right in all cases is extremely difficult. > I wonder how the initiator manages to invoke PGM=apfpgm (APF-authorized) and > then PGM=nonapf (not APF-authorized) for a subsequent step or job. As with porcupines (or hedgehogs), and how they do it: "very carefully". Tony H. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
