> 
> Just curious. How much of an exposure exists if a user knows the name of
> a data set [s]he can't open?
> 

The typical concern is that an unprivileged user may be able to persuade
a privileged user (e.g. some STC) to access data the unprivileged user
was not otherwise entitled to and/or to disclose that data to some third
party. The terms are fairly generic, e.g. the "third party" might be as
mundane as a networked printer.

If the dataset is always accessed using the true requestor's identity
then "no harm no foul". If you know the dataset name then there is at
least some chance you may pass it to someone who's not so choosy. If a
privileged server accesses that resource using its own identity then all
bets are off.

If you don't know the dataset name it gets to be more difficult to
develop such back door attacks - or so the theory goes. This is more of
a concern on other platforms, but it's still at least a theoretical
issue on z/OS.

CC

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
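
The distinction drawn in the reply above, between a privileged server that opens a dataset under the true requestor's identity and one that opens it under its own, as an added example that is not part of the original message. It is a Python model, not z/OS code; the ACL, user IDs, dataset names and the `PrintServer` class are all constructed for illustration.

```python
# Constructed model of the scenario; every name here is hypothetical.
from dataclasses import dataclass, field

# Access list: dataset name -> user IDs permitted to read (constructed sample data).
ACL = {
    "PAYROLL.MASTER": {"PAYADM", "PRTSTC"},
    "USER1.NOTES": {"USER1", "PRTSTC"},
}
DATA = {"PAYROLL.MASTER": "salary records", "USER1.NOTES": "todo list"}


class AccessDenied(Exception):
    pass


def read_dataset(name, identity):
    """Resource-manager check: the decision depends on the identity presented."""
    if identity not in ACL.get(name, set()):
        raise AccessDenied(f"{identity} may not read {name}")
    return DATA[name]


@dataclass
class PrintServer:
    own_id: str = "PRTSTC"                        # privileged server identity
    printed: list = field(default_factory=list)   # stands in for the networked printer

    def print_as_server(self, requestor, name):
        # Weak: the open runs under the server's identity, so the requestor's
        # lack of access to the named dataset is never consulted.
        self.printed.append((requestor, read_dataset(name, self.own_id)))

    def print_as_requestor(self, requestor, name):
        # Hardened: the open runs under the true requestor's identity.
        self.printed.append((requestor, read_dataset(name, requestor)))


def demo():
    weak, strict = PrintServer(), PrintServer()
    weak.print_as_server("USER1", "PAYROLL.MASTER")        # data reaches the printer
    try:
        strict.print_as_requestor("USER1", "PAYROLL.MASTER")
        denied = False
    except AccessDenied:
        denied = True
    strict.print_as_requestor("USER1", "USER1.NOTES")      # legitimate request still works
    return weak.printed, strict.printed, denied
```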
