In a recent note, David Cole said: > Date: Sun, 20 Aug 2006 09:51:44 -0400 > > Authorized programs can breach security. > There are too many reasons why authorized programs have to be written. > There are too many people who write authorized programs. > There are too many people (both inside a Corp. and outside[!]) who > have the right to install authorized programs into authorized libraries. > > If I were responsible for security, I would be concerned. > What are the authorization requirements of software your company markets? I perceive you wish they could be less.
VM is better in z/OS in this respect. I know utilities that require APF authorization on z/OS, but operate comfortably in class G virtual machines in VM production environments. VM CP can restrict the set of devices a server can manipulate, and provide interprocess communication to that server without giving that server higher privileges. Could the same thing be done with an LPAR in z/OS? Restricting the devices the LPAR can manipulate while allowing a developer to IPL and configure whatever system he chooses for testing in that LPAR but not in a production LPAR? -- gil -- StorageTek INFORMATION made POWERFUL ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
