imo, IAM ranks right up there with GOTO
just for my info ( sorry for my ignorance on this one ) ,
- what is the point in this type of cataloging ?
- how would such a subroutine ever be called other than from within a an
account named 'vendor' ?
- does the calling code also EXECUTE "IAM vendor" before CALLing the
catalogued routine ?
- if this is simply a namespace issue, why not call the routine
vendorSUBR42 ?
as for not a bug ...
- why document these as read-only variables ?
- why generate a compiler error ?
gerry
----- Original Message -----
From: "Ray Wurlod" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, September 11, 2004 06:08 pm
Subject: Re: [U2] major (?) @var security hole
> It's not really a bug - they even supply a command (IAM) for changing the
logical account name. This is used by some software vendors who use the
(Prime-style) CATALOG verb and get their routines prefixed with the vendor
name. For example:
> IAM vendor
> CATALOG BP SUBR42
> *vendor*SUBR42 cataloged.
> -------
> u2-users mailing list
> [EMAIL PROTECTED]
> To unsubscribe please visit http://listserver.u2ug.org/
-------
u2-users mailing list
[EMAIL PROTECTED]
To unsubscribe please visit http://listserver.u2ug.org/
