IBM SC41-5420-04 Creating Exit Programs, Adding Your Exit Program to the Registration Facility

Table 9. TCP/IP Application Exit Points (continued)

Creating Exit Programs

There are several steps involved in designing and writing exit programs. They include:

1.Review the purpose of the exit point and the format of its interface

2.Define the scope and operation of your exit program

3.Design the exit program

4.Code the exit program

5.Add the exit program to the appropriate exit point in the registration facility. (See “Adding Your Exit Program to the Registration Facility” for instructions on how to do this.)

Note: Only users with both *SECADM and *ALLOBJ authority are allowed to add and remove TCP/IP application exit programs.

6.Test your exit program

vTests for each user ID

vTests for each operation

The most important step in establishing security exit programs is verifying that the exit program works. You must assure that the security wall works and does not have any weaknesses.

Notes:

1.If the exit program fails or returns an incorrect output parameter, the operation will not be allowed by the TCP/IP application.

2.To ensure the highest level of security, create the exit program in a library that has *PUBLIC authority of *EXCLUDE and give the exit program itself a *PUBLIC authority of *EXCLUDE. The TCP/IP application adopts authority when it is necessary to resolve and call the exit program.

Adding Your Exit Program to the Registration Facility

To add your exit program, run the Work with Registration Information (WRKREGINF) command. The following display is shown:

Appendix B. TCP/IP Application Exit Points and Programs 81