>Okay. I hear you. Here is the business problem. > >I need to develop program X. It must run APF-authorized to do one of the >things it needs to do. I have written APF-authorized programs before and I >more or less know what I am doing. I know enough to ask (some of?) the right >questions and have the proper concerns. > >It also needs to do something we will call "processing A." It just so >happens that there is an IBM program Y that does exactly A. (In fact, the >real purpose of program X is front-ending program Y and doing some >additional things, one of which requires authorization). The IBM program is >AC=0 in an authorized library. I of course do not have the source for Y and >so cannot inspect it for potential integrity issues. > >What do you suggest? Must I re-write Y from scratch so I may be relatively >certain of its integrity?
I suggest that you develop program X as an unauthorized program, and develop a PC or SVC routine Z to do the one thing which requires authorization. This of course requires that Z follows the system integrity rules. If you instead develop program X as APF-authorized, then program X should not invoke IBM program Y unless IBM program Y's documentation explicitly states that it is safe to invoke program Y in an APF-authorized environment. Jim Mulder z/OS System Test IBM Corp. Poughkeepsie, NY ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
