On Wed, 29 Jul 2009 00:51:28 -0500, Chris Craddock <[email protected]> wrote:
>On Tue, Jul 28, 2009 at 4:32 PM, Martin Packer <[email protected]>wrote: > >> I've spoken about the "Denial Of Service Attack" possibility many times in >> the past. I believe it to be real (if you'll pardon the pun). :-) >> IEFUSI/MEMLIMIT have to be effective to contain that. It's not, as has >> been said, a decision for end user groups / businesses but rather it's >> basic technical hygiene. >> >The basic problem is that there is no empirical way to distinguish between a >legitimate critical business function that needs a few more gogglebytes >"right now!" and Joe Dope the app dev whiz kid trying to run a squillion >objects in his jvm in twenty batch jobs "coz its cool". IEFUSI and all of >the other arcane mechanisms are of very questionable value in each case. >Chances are good they would reject the first (legitimate) use and not stop >Joe the Dope.. They get in the way of legitimate resource usage and since >they require source code modification, assembly and dynamic replacement to >get past a middle of the night "oops", they are probably not the best way to >tackle the problem. > >These are old mechanisms of very limited flexibility or usefulness. The z >community needs better ones now. It is long past time that the OS began to >take care of these resource management issues itself instead of making the >system programmer and application programmer play this inane game of >guessing how much (virtual!!!) memory a given application is going to use. >There is no correct answer. > Hi lurker, I certainly agree the controls could be better / more flexible. PARMLIB options... whatever. Meanwhile, I have a production environment to support so I have to do the best I can with the controls I have. In this case IEFUSI in combination with SMFPRMxx. The way I have it implemented now a simple SMFPRMxx update and SET command can change it at 0-dark 30 if needed. Another point... it really doesn't matter if there is a *sudden* (read: never planned, tested, expected) legitimate need for googlebytes. My system can't handle it and I'd rather fail one application than an entire system. Cheers, Mark -- Mark Zelden Sr. Software and Systems Architect - z/OS Team Lead Zurich North America / Farmers Insurance Group - ZFUS G-ITO mailto:[email protected] z/OS Systems Programming expert at http://expertanswercenter.techtarget.com/ Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
