> __ The standard acceptable method is to call TSO/E Service Facility, > IKJEFTSR and pass it the name of an authorized module.
This is the simplest way to run an authorized command and it has the virtue that all of the other tasks in the address space are frozen while you're doing your thing, so it is quite a bit safer and less complicated than rolling your own via an SVC or PC. > __ Call an SVC that flips the JSCBAUTH bit back on. This is > non-standard. If it is to be implemented even on a development system > then added security needs to be built in to make sure it isn't misused. It is impossible to do that without opening a giant hole. No amount of security in the world can prevent that from being hacked. Abandon hope! > __ Simply put all the authorized stuff into an SVC or PC routine. Bingo. If you have the wherewithal to setup the SVC or PC then this is the preferred way to go, but it still places a significant burden on you to write your code carefully so that it doesn't end up violating integrity or security controls anyway. > That's all I've collected so far. Are there more ways? None that can be discussed in polite company :-) CC ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html