The SESSIONSECURITY command would work for sessions exactly as the
JOBSECURITY command works for jobs.

But upon deeper reflection, the SESSIONSECURITY command is probably not the
right vehicle here.

The LOW/HIGH options of SESSIONSECURITY are probably not very useful and
the file creator attributes associated with the PASSEXEMPT option could not
be established with the STARTSESS command - so the
JOBSECURITY/SESSIONSECURITY comparison cannot be made along the same criteria.

However, even absent a not very useful SESSIONSECURITY command, MPE should
have the sense to not prompt an SM user for a password - irrespective of
any PASSEXEMPT setting - and apply that rule for both the STREAM command
and STARTSESS command.

I don't believe this would present any security breach and would result in
a more secure O/S, since there would be reduced need for embedded passwords.

I don't know how big an effort this change would involve.


At 09:11 AM 1999-01-07 -0800, Donna Garverick wrote:
>Gilles Schipper wrote:
>
>> It would be nice if there were a SESSIONSECURITY command for sessions that
>> could avoid the use of such embedded passwords - as with job streams when
>> the PASSEXEMPT option of the JOBSECURITY command is utilized.
>
>this is an interesting suggestion...how about an elaboration on how it would
>work?             - d
>
>--
>Donna Garverick     Sr. System Programmer
>925-210-6631        [log in to unmask]
>
>>>>MY opinions, not Longs Drug Stores'<<<
>
>
---------------------------------------------------------------------------
Gilles Schipper
GSA Inc.
HP3000 & HP9000 System Administration Specialists
300 John Street, Box 87651   Thornhill, ON Canada L3T 7R4
Voice: 905.889.3000     Fax: 905.889.3001
Internet:  [log in to unmask]
---------------------------------------------------------------------------