In <45d79eacefba9b428e3d400e924d36b902deb...@iwdubcormsg007.sci.local>, on
12/15/2009
at 11:21 AM, "Thompson, Steve" said:
>Now, let's assume that you do not have permission to that file. BUT, you
>know that if you build a "long name" that uses your userid as the HLQ and
>prepend that to the D
On Tue, 15 Dec 2009 15:07:13 -0600, Kline, Martin wrote:
>Steve wrote:
>>Assume that the real file name is 44 characters long and that is the way
>>it is held in the VTOC.
>>
>>Now, let's assume that you do not have permission to that file. BUT, you
>>know that if you build a "long name" that use
> -Original Message-
> From: IBM Mainframe Discussion List
> [mailto:ibm-m...@bama.ua.edu] On Behalf Of Howard Brazee
> Sent: Tuesday, December 15, 2009 2:53 PM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: Could DSNAME length restriction be bypassed if
> catalog allow
>Now, let's assume that you do not have permission to that file. BUT, you
know that if you build a "long name" that uses your userid as the HLQ
and prepend that to the DSN, you will cause SAF to be passed the LONG
name, not the real name, and this will allow you, via volume specific
allocation, to
On Tue, 15 Dec 2009 15:07:13 -0600, Kline, Martin wrote:
>
>I suppose if I were to assume that the SYSDSN enqueue could never be coded
>to handle greater than 44 character dsnames, then I see what you mean. On
>the other hand, maybe the enqueue could be coded to use exact length of
>dsname or a hig
-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of Kline, Martin
Sent: Tuesday, December 15, 2009 3:07 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Could DSNAME length restriction be bypassed if catalog
allowed longer ALIAS names?
I'm gla
>Let me point out two possible security risks.
>Assume that the real file name is 44 characters long and that is the way
>it is held in the VTOC.
>Now, let's assume that you do not have permission to that file. BUT, you
>know that if you build a "long name" that uses your userid as the HLQ
>and p
On 15 Dec 2009 09:49:53 -0800, kees.vern...@klm.com (Vernooij, CP -
SPLXM) wrote:
>Finally your local need can be easily beaten down: it will probably come
>from the same users that start complaining when they have to invent a
>password longer than 6 characters. By the time they are fully willing
>Wouldn't that risk exist with the current IDCAMS ALIAS facility?
>Isn't SAF checking done on the actual (VTOC) data set name, not
on the alias?
Tyhe answer is YES.
Resolve, then check.
-
Too busy driving to stop for gas!
--
For
-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of Martin Kline
Sent: Tuesday, December 15, 2009 9:40 AM
To: IBM-MAIN@bama.ua.edu
Subject: Could DSNAME length restriction be bypassed if catalog allowed
longer ALIAS names?
I'm just thr
All the time when reading your idea, besides thinking of several other
complications, I was wondering: why?
Finally your local need can be easily beaten down: it will probably come
from the same users that start complaining when they have to invent a
password longer than 6 characters. By the time
ailto:ibm-m...@bama.ua.edu] On Behalf
Of Staller, Allan
Sent: Tuesday, December 15, 2009 9:43 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Could DSNAME length restriction be bypassed if catalog allowed
longer ALIAS names?
How do you get around the 44 byte key length restriction (for
compatability) on
-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of
Martin Kline
Sent: Tuesday, December 15, 2009 9:40 AM
To: IBM-MAIN@bama.ua.edu
Subject: Could DSNAME length restriction be bypassed if catalog allowed longer
ALIAS names?
I'm just thr
On Tue, 15 Dec 2009 09:39:51 -0600, Martin Kline wrote:
>
>Expanding a little bit, SMS processing could potentially define long names as
>aliases automatically and generate actual names using some schema like
>temporary name generation. Doing this would mask the effort of mapping long
>and short
On Tue, 15 Dec 2009 11:51:51 -0600, Paul Gilmartin wrote:
>Wouldn't that risk exist with the current IDCAMS ALIAS facility?
>Isn't SAF checking done on the actual (VTOC) data set name, not
>on the alias?
>
Correct, gil. The alias has no relevance for security purposes.
His point about long nam
du
Subject: Could DSNAME length restriction be bypassed if catalog allowed
longer ALIAS names?
I'm just throwing this idea on the table, and expect either little interest
or
strong opposition. What if catalog support allowed ALIAS names to exceed 44
characters?
First, yes, I did search the a
eux
veilleu...@aetna.com
(860) 636-2683
-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of
Vernooij, CP - SPLXM
Sent: Tuesday, December 15, 2009 10:55 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Could DSNAME length restriction be bypassed if cata
On Tue, 15 Dec 2009 11:21:07 -0500, Thompson, Steve wrote:
>
>Let me point out two possible security risks.
>
>Assume that the real file name is 44 characters long and that is the way
>it is held in the VTOC.
>
>Now, let's assume that you do not have permission to that file. BUT, you
>know that if
How do you get around the 44 byte key length restriction (for
compatability) on catalogs?
I'm just throwing this idea on the table, and expect either little
interest or
strong opposition. What if catalog support allowed ALIAS names to exceed
44
characters?
---
On Tue, 2009-12-15 at 10:39 -0500, Martin Kline wrote:
> As a local business case - There are those twice-a-year instances when users
> can't seem to create a meaningful and acceptable name in under 45
> characters.
We have some automation that archives datasets, producing a snapshot
copy of DAT
I'm just throwing this idea on the table, and expect either little interest or
strong opposition. What if catalog support allowed ALIAS names to exceed 44
characters?
First, yes, I did search the archives. Second, Yes I understand the
implications.
The cost and impact of supporting long alias
21 matches
Mail list logo
