Re: Do and don't in programing (Security wise)

2009-03-03 Thread Fatemi, Reza
I have To agree with Ben -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Binyamin Dissen Sent: Tuesday, March 03, 2009 3:19 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Do and don't in programing (Security wise) On Tue, 3 Mar 2009 18:

Re: Do and don't in programing (Security wise)

2009-03-03 Thread Ivan Warren
Arthur T. wrote: Well, that defeats one of my forced abend techniques: BRC cond,*+2 This branches into the middle of the BRC (Jump) instruction, which in this case is always x'0001', resulting in an S0C1 abend. SOC1s are too common to stand out. I prefer EX R15,*(Of course, it doe

Re: Do and don't in programing (Security wise)

2009-03-03 Thread Binyamin Dissen
On Tue, 3 Mar 2009 18:05:42 -0500 "Arthur T." wrote: :>On 3 Mar 2009 14:14:45 -0800, in bit.listserv.ibm-main :>(Message-ID:) :>joa...@swbell.net (John McKown) wrote: :> :>>Well, that defeats one of my forced abend techniques: :>> :>> BRC cond,*+2 :>> :>>This branches into the middle of the B

Re: Do and don't in programing (Security wise)

2009-03-03 Thread Arthur T.
On 3 Mar 2009 14:14:45 -0800, in bit.listserv.ibm-main (Message-ID:) joa...@swbell.net (John McKown) wrote: Well, that defeats one of my forced abend techniques: BRC cond,*+2 This branches into the middle of the BRC (Jump) instruction, which in this case is always x'0001', resulting in a

Re: Do and don't in programing (Security wise)

2009-03-03 Thread Ivan Warren
Itschak Mugzach wrote: I am looking for some rules of Thumb regarding what is improper to code in a program (say Cobol, but in general, any language) from security point of view. Are there any resources on that any where? Some examples: - Do nit use literals of variables containing Account number

Re: Do and don't in programing (Security wise)

2009-03-03 Thread John McKown
On Tue, 3 Mar 2009 16:40:31 -0500, Gerhard Postpischil wrote: >Itschak Mugzach wrote: >> Any other ideas? > >Don't write code that branches into the middle of an instruction >- with proper choice of base registers and displacements, it's >possible to write a chain of code contained in another, bu

Re: Do and don't in programing (Security wise)

2009-03-03 Thread Gerhard Postpischil
Itschak Mugzach wrote: Any other ideas? Don't write code that branches into the middle of an instruction - with proper choice of base registers and displacements, it's possible to write a chain of code contained in another, but definitely not recommended. Gerhard Postpischil Bradford, VT

Do and don't in programing (Security wise)

2009-03-02 Thread Itschak Mugzach
I am looking for some rules of Thumb regarding what is improper to code in a program (say Cobol, but in general, any language) from security point of view. Are there any resources on that any where? Some examples: - Do nit use literals of variables containing Account numbers, SSNs, Etc. in your pro