Preparing security for servers
- The application programmers designing the server. They must decide what kind of security the server is to have so they can code for it and provide documentation (either verbally or in writing) for those who will run the server.
- The security administrator at the company that runs the server. They must set up the profiles based on the documentation provided with the server.
Security administrators, who might not be versed in developing programs, will learn the rationale for setting up profiles in certain ways, and application programmers writing the servers will be able to document the security requirements of their products.
Appropriate decisions need to be made regarding server security. In the past, applications had to run APF-authorized in order to call RACF® to build task-level security. z/OS UNIX provides services that let servers written in C create task-level security without being APF-authorized. A server can create a thread-level security environment, and which servers are able to do so can be controlled. You can prepare a z/OS system for a server that uses thread-level security for its clients. (Note that a thread on UNIX systems corresponds to a task on MVS™, so thread-level security is the same as task-level security.)