Hi Phil, It is an Endevor utility that prevents everyone from selecting their own options. This keeps the control under the Endevor Admins. And out of the applications programmer/consultant.
If you feel that this is too greater risk for the benefit gained then ask them to put in a check for the production ID, or authid for execution. Regards, Herman Stocker -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Phil Sidler Sent: Thursday, April 23, 2009 12:44 PM To: [email protected] Subject: APF question Anyone running a program called EDVPARM? A consultant is trying to convince us to install this program to an authorized library with AC(1). Looking at the source concerns me. It appears that you can pass it a program name and parameter list and the program will ATTACHX it. This seems like a big hole to me. What if you pass it IRXJCL for example? Or? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html - -- The sender believes that this E-mail and any attachments were free of any virus, worm, Trojan horse, and/or malicious code when sent. This message and its attachments could have been infected during transmission. By reading the message and opening any attachments, the recipient accepts full responsibility for taking protective and remedial action about viruses and other defects. The sender's employer is not liable for any loss or damage arising in any way from this message or its attachments. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
