On Sat, 20 Jun 2020 18:09:35 -0500, Walt Farrell wrote:
>
>Time Of Check To Time Of Use. As you're making the check, a security
>administrator might be changing the rules. Your program might end up getting a
>false positive or false negative.
>...
>It is much simpler, and safer, and in genera
On Sat, 13 Jun 2020 23:32:02 -0400, Bob Bridges wrote:
>Gil, you mustn't think I plan to make it a habit but I think I'm going to
>disagree with you on every point, here:
>
>o Well, maybe not on the first one: What's "TOCTTOU"?
Time Of Check To Time Of Use. As you're making the check, a securi
http://mason.gmu.edu/~smetz3
From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of
Paul Gilmartin [000433f07816-dmarc-requ...@listserv.ua.edu]
Sent: Sunday, June 14, 2020 5:55 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: HOW DO I VERIFY A USE
[rel...@us.ibm.com]
Sent: Monday, June 15, 2020 8:21 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: HOW DO I VERIFY A USERID'S ACCESS TO A DATASET
A security jock should treat an access query with a negative reply as a
violation as serious as attempting the access and failing.
All should agree. Tha
Hi Folks,
Just wanted to say that I've posted David Spiegel's Assembler
program and REXX to File 836 on the Updates page, as 3 members:
RACROUTE (assembler program), RACRAUTH (rexx), and RACROUT$ (assembly
JCL). I would recommend renaming the RACRAUTH rexx to something like
DSAUTH, but f
A security jock should treat an access query with a negative reply as a
violation as serious as attempting the access and failing.
All should agree. That's one of the reason that customers can request
logging of such requests.
Peter Relson
z/OS Core Technology Design
On 14 Jun 2020 14:55:45 -0700, in bit.listserv.ibm-main
(Message-ID:<0385558663798702.wa.paulgboulderaim@listserv.ua.edu>)
000433f07816-dmarc-requ...@listserv.ua.edu (Paul
Gilmartin) wrote:
G4> A security jock should treat an access query with a
negative reply as a violation as seriou
On Sun, 14 Jun 2020 15:51:25 -0400, Bob Bridges wrote:
>
>B5> Ok, so things change; I still don't see why that means one shouldn't ask.
>How is partial information (that is, it'll work under most circumstances but
>not under all) worse than no information at all? One can't be sure that the
>lo
Further comments below.
-Original Message-
From: Bob Bridges [mailto:robhbrid...@gmail.com]
Sent: Saturday, June 13, 2020 23:32
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Paul Gilmartin
Sent: Saturday, June 13, 2020 22:0
On Sat, 13 Jun 2020 23:32:02 -0400, Bob Bridges wrote:
>
>o Well, maybe not on the first one: What's "TOCTTOU"?
>
GIYF. It's my habit to verify initialisms before I use them.
>o Access rules are indeed complicated to simulate.
> ...
>o Of course the rules are subject to change. I can't s
On 13 Jun 2020 21:45:00 -0700, in bit.listserv.ibm-main
(Message-ID:)
dspiegel...@hotmail.com (David Spiegel) wrote:
I am aware of CBT 106. I presented my solution in case the
user wanted to know if s/he had access.
If so, s/he could avoid all of the paperwork and
permission required to chang
Hi Arthur,
I am aware of CBT 106. I presented my solution in case the user wanted
to know if s/he had access.
If so, s/he could avoid all of the paperwork and permission required to
change IKJTSOxx etc. (which is probably almost never granted).
I had a job at a large bank and asked for IKJTSOxx
On 13 Jun 2020 21:22:07 -0700, in bit.listserv.ibm-main
(Message-ID:)
dspiegel...@hotmail.com (David Spiegel) wrote:
Here is my solution ...
1) An Assembler program ... Does not to be APF Authorized,
if ESM is RACF. (If ESM is ACF/2 or TSS, it needs APF
Authorization).
Your program asks "D
Hi Colleagues,
Here is my solution ...
1) An Assembler program ... Does not to be APF Authorized, if ESM is
RACF. (If ESM is ACF/2 or TSS, it needs APF Authorization).
2) A Rexx Exec
RACROUTE TITLE 'RACROUTE STATUS=ACCESS'
RACROUTE CSECT ,
RACROUTE AMODE 31
RACROUTE RMODE ANY
SAVE (14
Gil, you mustn't think I plan to make it a habit but I think I'm going to
disagree with you on every point, here:
o Well, maybe not on the first one: What's "TOCTTOU"?
o Access rules are indeed complicated to simulate. But why simulate them? Just
ask RACROUTE and get an answer. Mind you a)
On Sat, 13 Jun 2020 16:58:52 -0400, Arthur wrote:
>On Sat, 13 Jun 2020 09:10:01 -0700 (PDT), Michael DeChirico wrote:
>
>>Are there any hlasm code examples on how to user RACROUTE
>>to verify a userid's access to read/write a dataset?
>
It has been written here by Walt Farrell, among others:
Don'
On Sat, 13 Jun 2020 09:10:01 -0700 (PDT), in
bit.listserv.ibm-main
(Message-ID:)
Michael DeChirico wrote:
Are there any hlasm code examples on how to user RACROUTE
to verify a userid's access to read/write a dataset?
Check CBT file 106:
http://www.cbttape.org/ftp/cbt/CBT106.zip
There are
17 matches
Mail list logo