Paul, Personally I am a great fan of IKJTSOxx *and* the fact that TSO CALL de-authorizes the called program by default.
Is it that much of a pain? You only need to update it when installing software and IBM even provide a dynamic update facility. Rob Scott Rocket Software, Inc 275 Grove Street Newton, MA 02466 617-614-2305 [EMAIL PROTECTED] http://www.rs.com/portfolio/mxi/ -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Paul Gilmartin Sent: 19 September 2006 11:12 To: [email protected] Subject: Re: Why AUTHPGM? In a recent note, Binyamin Dissen said: > Date: Tue, 19 Sep 2006 17:53:46 +0300 > > :>o Isn't it equally true that AC=0 programs may fail to clean up :> > after themselves? > > Yes, but they cannot leave things around that may cause an exposure. > I see. I believe a better design would mark the programs themselves, such as AC=2 to indicate "APF authorized _and_ TMP-clean" rather than burdening the administrators with maintaining YA list, such as the ISV entries I see in our AUTHPGM NAMES. -- gil -- StorageTek INFORMATION made POWERFUL ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
