> -Original Message-
> From: IBM Mainframe Discussion List On Behalf Of SUBSCRIBE IBM-MAIN Joe H. Smith
>
> Hi to all..
> How to enable security to CICS region..
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/DFHT5C00/CCONTENTS
-jc-
>How to enable security to CICS region..
1. Have you read the manuals?
2. Have you tried to do any research before you asked here?
-
Too busy driving to stop for gas!
--
For IBM-MAIN subscribe / signoff / archive access instruct
Hi to all..
How to enable security to CICS region..
Thanks,
N.Suresh
On Sun, 4 Apr 2010 20:38:02 +, Ted MacNEIL wrote:
>>If it's a blanket statement such as, "Use of any SMP/E function allows
>>compromise of system integrity, therefore only highly trusted personnel
>>should be permitted use of any SMP/E function," the hole is far from closed.
>
>Yes! Yes!! And,
>If it's a blanket statement such as, "Use of any SMP/E function allows
>compromise of system integrity, therefore only highly trusted personnel
>should be permitted use of any SMP/E function," the hole is far from closed.
Yes! Yes!! And, YES!
If you can't/won't explain the issue, how can you allo
On Sun, 4 Apr 2010 18:03:50 +, Ted MacNEIL wrote:
>>I'd be very hesitant about giving away something that might enable
>>"destructive influences" to further their aims.
>
>It's a damned if you do/don't.
>I thank IBM for closing a hole.
>But, without knowing anything about what the exposure is
I don't see that the extremely unlikely case of a customer subject to a
non-disclosure agreement releasing integrity APAR documentation is going to
dissuade any customer from reporting an integrity exposure.
I do expect that the customer's legal department is likely to be far more of
a deterrent t
>I'd be very hesitant about giving away something that might enable
>"destructive influences" to further their aims.
It's a damned if you do/don't.
I thank IBM for closing a hole.
But, without knowing anything about what the exposure is, how do we know how to
configure the security settings?
-
-
For the clever attacker, it is to his advantage for those
integrity issues to NOT be discussed.
That's not the question. Is it to his advantage for the discussion to be
private, between the reporter and the developer? T
>The length of granularity is optional based on one's shop's philosophy.
That's what I'm trying to understand.
What philosophical basis is there for the granularity smaller than read or
write?
That's where I'm lost.
I've worked in many shops, and the SYSPROGs were responsible for products, not
In
,
on 04/03/2010
at 10:47 AM, Don Williams said:
>For the clever attacker, it is to his advantage for those
>integrity issues to NOT be discussed.
That's not the question. Is it to his advantage for the discussion to be
private, between the reporter and the developer? The only situations in
In <553635.9909...@web54605.mail.re2.yahoo.com>, on 04/03/2010
at 09:48 AM, Ed Gould said:
>We had a *REALLY* good applications programmer that simply bypassed any
>and all protections we had,
Every time that I've seen anything similar it's been lax security code,
not a bug in the system. I'm
In <312947.22077...@web54607.mail.re2.yahoo.com>, on 04/01/2010
at 10:37 PM, Ed Gould said:
>Now for the 10 dollar question where is it documented?
Well, I know where IEFYS was documented in OS/360, but I have no idea
where it is these days. Exits?
--
Shmuel (Seymour J.) Metz, SysProg
In , on
04/01/2010
at 02:15 PM, "McKown, John" said:
>I found a way that is simpler for me. Go to the first line in the range.
>Press V to go into Visual mode. Page or arrow down to the last line in
>the range.
That's okay if it's a small block, but not for a large block. What if you
want to
In <001201cad3a3$e3bf5e60$ab3e1b...@baker@hfdtechs.com>, on 04/03/2010
at 11:06 PM, "John P. Baker" said:
>How about IBM providing a channel through which integrity APAR
>documentation can be obtained subject to a nondisclosure agreement?
What is the risk factor? Would users be as willing to
In <4bb5b791.2050...@bremultibank.com.pl>, on 04/02/2010
at 11:23 AM, "R.S." said:
>Just to order nomenclature:
I believe that the issue is grammar. If you parse "FACILITY class profile"
as "profile in the FACILITY class" then it's correct, although confusing.
The IBM documentation seems to u
SYSPROGs are subject to the role concept just like any
other employee or contingent worker. Whether their
role is broad or narrow is a shop specific decision,
thus influencing the application of granularity.
The length of granularity is optional based on one's
shop's philosophy.
-Ori
In our organization the security staff (which includes
me) never make access decisions. Never, never. Our
data assets are owned by various business units,
including system programming type assets, and all
access decisions are made by their respective owners.
Middle of the night callers have begg
John P. Baker wrote:
I can understand IBM not wanting to make integrity APAR documentation generally available.
IBM does not and cannot know when an individual customer may apply the associated PTF, so publicly detailing the nature of the exposure can place customer installations at risk.
At
In ,
on 04/02/2010
at 05:12 PM, Wayne Driscoll said:
>The only way that security checks are bypassed is via
>the NODSI option in the PPT.
No; that only bypasses the dataset ENQ in Allocation. There's a bit in the
JSCB that an authorized program[1] must turn on if it needs to bypass
dataset s
In <4bb60e54.4030...@phoenixsoftware.com>, on 04/02/2010
at 08:33 AM, Edward Jaffe said:
>I would be interested to hear from others about their experiences...
I've seen a number of security-related APAR, and I'd challenge the term
"hidden APAR". The APAR itself is not hidden, only the descriptio
In , on 04/02/2010
at 03:20 PM, Paul Gilmartin said:
>So, now sheer conjecture. ASMA90 may or may not do exhaustive SAF
>checking. Why should it feel obliged to? It was designed to run
>unauthorized. So a maliciously crafty programmer could code an SMP/E
>APPLY step which invokes ASMA90; p
In , on 04/01/2010
at 11:21 PM, Brian Peterson said:
>Please note that you won't see APAR IO11698 itself in IBMLink
Are you sure? My understanding is that an integrity APAR can be displayed in
IBMLink but that the sensitive details are not included in the public APAR
text.
>If you do not define
In ,
on 04/02/2010
at 03:29 PM, "Starr, Alan" said:
>I had always thought that NODSI was applied at ALLOCation time to
>determine whether or not a SYSDSN ENQ is to be issued.
It is. It has nothing to do with SAF checking.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO positio
In , on 04/02/2010
at 11:17 AM, Paul Gilmartin said:
>I've long wondered about this. Does this mean, in turn, that all
>utilities GIMSMP invokes (IEBCOPY, Binder, Assembler, et al.) must
>likewise be authorized?
No.
>It is my understanding that an authorized
>program ABENDs if it attempts
In <4bb6037b.6020...@phoenixsoftware.com>, on 04/02/2010
at 07:47 AM, Edward Jaffe said:
>Ever tried to invoke IEBCOPY from a REXX?
Works fine[1] under TSO; IRXJCL is another matter.
[1] Assuming that it's in the TSO authorized program table.
--
Shmuel (Seymour J.) Metz, SysProg and
I run Hercules 3.06 under HercGUI 1.11 on my Vista laptop without problems.
But you will find more of us on the Hercules groups on yahoo.com (h390-vm,
h390-mvs).
/Tom Kern
Ravi Kumar wrote:
> Hi Team,
>
> Does anyone have experience installing the Hercules Emulator on Windows Vista??
> i
> hav
Sorry I get this list's digest and somehow I replied directly to Barry.
I am re-posting in case anybody else is interested.
===
Hi Barry,
If we are talking about the IMS log record suffix, it is actually 16
bytes, and the first 8 b
On Sat, 3 Apr 2010 23:16:46 -0700 Ed Gould wrote:
:>
:>From: Binyamin Dissen
:>To: IBM-MAIN@bama.ua.edu
:>Sent: Sat, April 3, 2010 3:28:36 PM
:>Subject: Re: Heads Up: APAR IO11698 - New SAF FACILITY class definition
required for any SMP/E use
:>On Sat, 3 Apr 201