On Thu, 29 Oct 2009 20:59:45 +0000, Gainsford, Allen wrote:
>
>If a program is only intended to be called from JCL, and it does
>not cope with being called with longer parameters, then the program
>is not broken.  It is following the rules, and functioning as
>intended.  If some clever person calls the program from REXX with
>a 10,000-character PARM and the program crashes, it is the caller
>who is at fault.  They were not calling the program as intended.

I disagree strongly.  Any program designed to be executed in JCL can also be
called by another program.

Inputs should *always* be validated before they are used.  That goes for
PARM data (including the length) as well as other forms of input.

For example, when reading card input that is supposed to contain numeric
data, it should always be validated as numeric before using it.  If the
program abends with a S0C7 because there is non-numeric data on it, it is
the programmer's fault, not the keypunch operator's.

Moving the PARM without validating the length is no different.

-- 
Tom Marchant

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
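The check argued for above, sketched in C as an added example that is not part of the original post: the PARM area is modelled as a big-endian halfword length followed by the text, and the length is validated against a fixed 100-byte field (the limit of the JCL PARM= parameter) before anything is moved. The function names, return codes, the `avail` argument and the sample buffers are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PARM_MAX 100   /* size of the receiving field: the JCL PARM= limit */

enum parm_rc { PARM_OK = 0, PARM_TOO_LONG = 8, PARM_TRUNCATED = 12 };

/* area  : halfword length (big-endian) followed by the PARM text.
 * avail : bytes addressable at area (hypothetical; used here so the
 *         sketch can also reject a length that overruns the buffer).
 * out   : fixed field of PARM_MAX + 1 bytes, NUL-terminated on success. */
int copy_parm(const uint8_t *area, size_t avail, char out[PARM_MAX + 1])
{
    if (area == NULL || avail < 2)
        return PARM_TRUNCATED;
    size_t len = ((size_t)area[0] << 8) | area[1];
    if (len > PARM_MAX)            /* caller passed more than JCL ever could */
        return PARM_TOO_LONG;      /* reject before the move, not after */
    if (len > avail - 2)           /* length field lies about the data */
        return PARM_TRUNCATED;
    memcpy(out, area + 2, len);
    out[len] = '\0';
    return PARM_OK;
}

/* Card-column check: every byte must be a digit before the field is
 * converted or used in arithmetic (the S0C7 case from the post). */
int field_is_numeric(const char *field, size_t width)
{
    if (field == NULL || width == 0)
        return 0;
    for (size_t i = 0; i < width; i++)
        if (!isdigit((unsigned char)field[i]))
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed inputs: a 5-byte PARM and a 10,000-byte PARM (0x2710). */
    uint8_t from_jcl[] = { 0x00, 0x05, 'L', 'I', 'S', 'T', '=' };
    static uint8_t from_caller[2 + 10000] = { 0x27, 0x10 };
    char parm[PARM_MAX + 1];

    printf("short PARM rc=%d\n", copy_parm(from_jcl, sizeof from_jcl, parm));
    printf("long PARM  rc=%d\n", copy_parm(from_caller, sizeof from_caller, parm));
    printf("numeric card field ok=%d\n", field_is_numeric("00 23", 5));
    return 0;
}
```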
