Name token pairs can be scanned by rexx. Google for an example. We use name token and FXE (if you are a vendor, ask ibmfac for a vendor slot). Sensitive data pointed from both should be encrypted.
ITschak *| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux and IBM I **| * *|* *Email**: [email protected] **|* *Mob**: +972 522 986404 **|* *Skype**: ItschakMugzach **|* *Web**: www.Securiteam.co.il **|* בתאריך יום ב׳, 9 בדצמ׳ 2024 ב-19:59 מאת Charles Mills <[email protected]>: > First off, if the hypothetical malicious program that you are worried > about is running authorized then all bets are off. APF is the skeleton key > to all of the locks in the kingdom. Reading random name/token pairs is the > least of the problems. > > > How difficult is it to "guess" the name? > > If the name the programmer has chosen is p@ssw0rd then pretty easy. If > the chosen name is some quasi-random 64-bit number, then not so much. IOW, > it's up to you how easy to guess. > > Can you chase a control block chain and read all of the pairs? I am going > to guess yes, so, a prudent programmer might put a pointer into the > name/token pair and encrypt the data that the pointer pointed to. Not sure > if encrypting the name buys anything, but perhaps I have not thought it > through sufficiently. > > Charles > > On Sun, 8 Dec 2024 23:07:22 +0000, Richard Zierdt < > [email protected]> wrote: > > >Name/Token pairs are pretty useful, but how secure are they? > > > >If created on a system level (IEANTCR, IEANT_SYSTEM_LEVEL) could any > address space access the pair if the name was known? I presume yes. How > difficult is it to "guess" the name? > > > >Is there a control block chain of name/token pairs that any (authorized / > unauthorized) program can "read" to see every name/token in the system, > regardless of level, or just those pairs created with system level ? > > > >If no, and the pairs are safely hidden away and/or encrypted, then fine. > >If yes, then it's an open book, and care might be taken before putting > sensitive data in the token. > > > >However, even if these pairs are an open book, the token could be > encrypted by the creator. Same with the name. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
