CICS Socket Interface - Tips and Techniques - Security

"Internet Security - Your Worst Nightmare"?
"In the clear" or "clear text" network traffic issues.
IBM supplied listener security exit point - default name is EZACICSE in SECEXIT configuration option.
EZACICSE performs a security check before incoming CICS socket tasks are initiated.
If security exit module is not provided, all valid transactions are initiated, with the USERID of the Listener task.
See appendix for trivial assembler sample EZACICSE.
A 1-byte switch must be set to allow or deny the start of a new CICS socket task.
The security exit may perform any valid CICS function, but minimize processing in this (and preferably all) exits.
You could validate transaction to particular CICS region(s).
You could (and probably should) set the USERID to be associated with the particular transaction identifier(s).
You could do EXEC CICS VERIFY PASSWORD processing if desired.
Exit could be used to reduce the "clear text" network traffic noted above.

Display the Security Notes, or Jump to Application Tips and Techniques, or Jump to Table of Contents.

The URL for this document is <http://nersp.nerdc.ufl.edu/~sfware/share93/security.html>.

Last updated on August 4, 1999, by Steve Ware, <mailto:sfw@nersp.nerdc.ufl.edu>.

Page 15 of 26