On Sat, 30 Nov 2013 20:25:36 -0600, Jim Thomas <[email protected]> wrote:
>My service is a SRB and given, SRBPARM, will be executing some code that I >am given. That sounds extremely unsafe, from a system integrity perspective. In general you cannot depend on an unauthorized caller to give you code that is safe to run in an authorized state. It can be safe for an unauthorized caller to request you to do a particular function, if you check the parameters fully and if all the actual code that you will run is contained within (built into) your authorized function. But if the unauthorized caller is providing the code that will run then you will need to provide a lot more information about exactly what the unauthorized caller is before we can give any advice on how you can do that safely. And it is quite likely that there is no safe way for you to do it. So, more details, please. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
