To summarise Rob's and Walt's argument, the security applied to the APF panel
in SDSF was a mistake and I believe IBM will remove it in the next release...

You can't hold the stick from both sides.

ITschak

On 27 Jan 2018 5:06 PM, "Peter Relson" <[email protected]> wrote:

> As Rob Scott pointed out, the information displayed is available to any
> program. There is no system integrity issue with displaying any of this
> information.
> Changing that data to be fetch protected (which is the only way to protect
> it) would be unacceptably incompatible and would break existing tooling.
>
> If a customer does not have their APF or PARMLIB or LNKLST or LPA
> libraries properly protected, that is a different matter entirely, and is
> one of the reasons why there is a RACF health check related to APF.
> Restricting DISASM would not gain anything practical, since it is already
> only displaying data that the user is permitted to access; restricting it
> would just cost an interested party a little bit of extra time.
>
> The information itself cannot be "exploited". Customer security gaps can
> be exploited.
>
> Security by obscurity (which is what you'd get to a small extent if what
> was asked for was implemented) is often only a little better than nothing.
>
>
> I'm quite sure that the request will be declined.
>
> Peter Relson
> z/OS Core Technology Design
>
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>
