Wherever possible, design transaction security without application programming, because it is easier to implement and change.
This type of security can be implemented by using an external security package, such as RACF or ACF/2, that the teleprocessing monitor invokes automatically when a transaction executes.
When the user requests the execution of a transaction, the external security package should automatically validate that the logged-on user ID is authorized to execute that transaction. If this check fails, access to the transaction is denied, and no application logic is executed.
With CICS as the server environment, this automatic checking is easy to achieve and is completely external to the application. Transaction security for servers is set up and checked in the same manner as for block mode applications.
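A sketch of the setup described above for RACF and CICS, added here as an example and not taken from the product documentation. The transaction ID PAY1, the group PAYCLERK, and the use of the default TCICSTRN class without a profile prefix are assumptions.

```text
* CICS system initialization parameters (assumed region settings)
* SEC=YES     the region calls the external security manager
* XTRAN=YES   transaction attach is checked against class TCICSTRN
* SECPRFX=NO  profile names are the bare transaction IDs
SEC=YES
XTRAN=YES
SECPRFX=NO

/* RACF commands, issued from TSO by a security administrator   */
/* Activate the class and keep its profiles in storage          */
SETROPTS CLASSACT(TCICSTRN) RACLIST(TCICSTRN)

/* Default deny: nobody may run PAY1 unless explicitly permitted */
/* AUDIT(FAILURES(READ)) logs denied attempts for review         */
RDEFINE TCICSTRN PAY1 UACC(NONE) AUDIT(FAILURES(READ))

/* Allow members of the (hypothetical) group PAYCLERK to run it  */
PERMIT PAY1 CLASS(TCICSTRN) ID(PAYCLERK) ACCESS(READ)

/* Make the change visible to running CICS regions               */
SETROPTS RACLIST(TCICSTRN) REFRESH
```

With these definitions, a logged-on user outside PAYCLERK who requests PAY1 is rejected when the transaction is attached, before any application program runs. Changing who may run the transaction is a PERMIT and a refresh, with no change to the application.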
Note: For more information about these security issues, see the Host Encyclopedia Construction Guide.
Copyright © 2013 CA.
All rights reserved.