----------------------------------------------<snip>-------------------------------------
If I use an SVC, is this true? If the SVC does something or returns some
information that needs to be protected, then I need to use RACF to decide who
can call it or who cannot? And everyone said not to use a magic SVC, and I get
that. But if that SVC is also protected by RACF, is it at all a viable
solution?
-------------------------------------------<unsnip>----------------------------------------
Any so-called "Magic SVC" is going to be hard to protect via RACF; the
necessary code, blocks, etc. might get rather cumbersome. Using
established APF mechanisms might be sufficient. But if you use the
established mechanisms, you can bypass any magic SVC stuff right from
the get-go. And since you and the rest of the Systems staff SHOULD be
controlling ALL non-System APF code, you should be able to exercise
complete control.
If you are returning information that needs to be protected from other
users, keeping it in your own address space should provide pretty good
security. How many comman applications use cross-memory services, and
how many application programmers even understand what cross-memory
services can or cannot do?
It might be helpful if you could detail exactly what you wish to
accomplish. ??
Rick
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html