On Mar 2, 2012, at 05:38, Peter Relson wrote: >> This runs afoul of IBM's practice of "security through obscurity" > > That's not a practice or policy of which I am aware. Quite the opposite. > You have a short memory, or perhaps you weren't a participant.
On Tue, 13 Apr 2010 09:43:46 -0500, Walt Farrell wrote in: http://bama.ua.edu/cgi-bin/wa?A2=ind1004&L=ibm-main&P=537239 Re: Heads Up: APAR IO11698 - New SAF FACILITY class definition required for any SMP/E use ... However, of all the functions described above, several need to be controlled very carefully. Users who are granted access to these resources have the potential to undermine system security regardless of any data set protections you may have in place. Therefore, they should be as trusted, for example, as users who have authority to update APF authorized libraries. ... I have been given the requisite authority; my job requires me to use SMP/E. Please tell me what operations I must avoid, given my authority, in order not inadvertently to "undermine system security". Absent that information, my perception of security through obscurity stands. I grant it's not uniform. As a contrasting example, with respect to UA52087, IBM makes sufficient information available that users know what they must not do. Thanks, gil
