>SRB's are a big security exposure so customers are unlikely to open them to their programmers.
SRBs are the same level of security exposure that APF-authorized tasks are. So if an application is already APF-authorized, switching to enclave SRBs is not intrinsically more of a security exposure than already existed. It is true that SRBs are more likely to tend to be key 0 than authorized tasks, but that is not a security exposure. That is a "greater potential for screwing up a system due to overlay of something critical" exposure. >Is the code that runs under the ZIP and ZAP >process code that normally run without any privileges in a problem >state? Only if the perpetrator is irresponsible. It is far from unheard of to have to take an application written to be unauthorized and make it authorized. But if anyone thinks it is as simple as changing the linkedit characteristic to AC=1 and placing it in an APF-authorized library, then they need to be re-educated (and quickly if they're the one responsible for the implementation). Peter Relson z/OS Core Technology Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
