On Mon, 9 Dec 2024 at 15:23, Charles Mills <[email protected]> wrote: > Agreed. Protected storage a much better approach than encryption. > > The OP mentioned encryption and I just went with it. > > CM > > On Mon, 9 Dec 2024 19:23:21 +0200, Binyamin Dissen < > [email protected]> wrote: > > >Yes, the pointers are documented. >
The fields in the anchoring control blocks are public, but I don't believe the actual data structure is documented. But obviously nobody should be relying on this for security. > >Would be simpler to use protected storage than obfuscation. > Are you two suggesting that the system should use fetch-protected storage for the names and tokens? Or that the application should use the existing scheme with the token pointing to protected storage? If the former, the retrieve APIs branch directly to the code that searches for the name (presumably for performance reasons), and so the storage couldn't be fetch protected without significant changes/options on the APIs. Tony H. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
