On Sun, 8 Dec 2024 23:07:22 +0000 Richard Zierdt <[email protected]> wrote:
:>Name/Token pairs are pretty useful, but how secure are they? :>If created on a system level (IEANTCR, IEANT_SYSTEM_LEVEL) could any address space access the pair if the name was known? I presume yes. How difficult is it to "guess" the name? Yes. :>Is there a control block chain of name/token pairs that any (authorized / unauthorized) program can "read" to see every name/token in the system, regardless of level, or just those pairs created with system level ? Yes. :>If no, and the pairs are safely hidden away and/or encrypted, then fine. It isn't. :>If yes, then it's an open book, and care might be taken before putting sensitive data in the token. Don't put it in the token. Put a pointer to a protected area. :>However, even if these pairs are an open book, the token could be encrypted by the creator. Same with the name. How does that help? -- Binyamin Dissen <[email protected]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
