On 2015-11-18 16:17, R.S. wrote: > W dniu 2015-11-18 o 22:05, Paul Gilmartin pisze: >>> >> Sophistry! If the user is not authorized, it's de facto unavailable and >> should be treated as such.
> I dare to disagree. > The service is up and ready. It does not allow anyone to use it, but even > unauthorised user will get response. > Still sophistry. What SMP/E should be asking is, "Can this job use CSNBOWH?" which is what SMP/E needs to know, not "Is CSNBOWH available to properly authorized users, even if not to this job?" If ICSF supports no such query, then SMP/E should take the empirical approach: request the OWH of some standard document (perhaps the null string) and if CSNBOWH does not return the proper hash, consider it "unavailable". If the intent is to avoid triggering security violation alerts, the design fails: I suspect that what SMP/E is doing causes such alerts. > Of course the question is why to block CSFBOWH, what is the rationale behind? > Especially since with a little reverse engineering (most of the instructions have been supplied in this forum over years) any user can use GIMJVCLT as an alternative. I suppose that also could be disabled. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
