| View previous topic :: View next topic |
| Author |
Message |
ravi.alpha
Beginner
Joined: 31 Mar 2009
Posts: 18
Topics: 7
|
 Posted: Thu May 14, 2009 3:52 am Post subject: Best pratices in Cobol: Error Handling |
 |
|
This is one of the questions popped up in one of the interview with client
Best practices in Cobol: Error Handling
Pls share your thoughts. |
|
| Back to top |
|
 |
dbzTHEdinosauer
Supermod
Joined: 20 Oct 2006
Posts: 1411
Topics: 26
Location: germany
|
| Posted: Thu May 14, 2009 5:04 am Post subject: |
|
|
Since it was an interview with client, I would say: I would follow site standards.
Now, if you are interviewing for a job that would entail 'creating site standards', then you would have to give them an answer.
_________________
Dick Brenholtz
American living in Varel, Germany |
|
| Back to top |
|
|
ravi.alpha
Beginner
Joined: 31 Mar 2009
Posts: 18
Topics: 7
|
| Posted: Thu May 14, 2009 6:26 am Post subject: |
|
|
I am sorry for miss directing.
I mean it is an interview for a mainframe developer Job. |
|
| Back to top |
|
|
kolusu
Site Admin
Joined: 26 Nov 2002
Posts: 12378
Topics: 75
Location: San Jose
|
| Posted: Thu May 14, 2009 11:31 am Post subject: |
|
|
ravi.alpha,
IMHO it doesn't matter what language you code, Error handling is common for any language. some of the simple error handling conditions in COBOL are
Errors in string operations
Errors in arithmetic operations
Errors in input-output operations
Errors in sort/merge operations
Exceptions on the CALL statement
user-written error-handling routines
I suggest you read this document and think like a cobol programmer and code the error handling procedures.
http://www.eso.org/~almamgr/AlmaAcs/OnlineDocs/ARCUSErrorHandling.pdf
Kolusu |
|
| Back to top |
|
|
ravi.alpha
Beginner
Joined: 31 Mar 2009
Posts: 18
Topics: 7
|
| Posted: Thu May 14, 2009 10:28 pm Post subject: |
|
|
Thanks Kolusu, the above information helped.
I have also posted a request related to Secure coding standards used in COBOL DB2 and CICS application.
1. I am creating a document which points out all the possible security related issues which can happen due to bad coding.
for example.
1. A Represtitve who works for a bank and he found a bug in the system which helped him to access all the Non public information.
2. Avoid Displaying the Non public information in sysout.
3. Due to bad coding the user intentionly can make it to go into loop which can cause system outage.
.
.
I am looking for some good coding pratice which can address this kind of issues.
I can see secure coding standards avaible for C and Java in the below link. I am looking for similar kind of doucment or some suggestion.
https://www.securecoding.cert.org |
|
| Back to top |
|
|
kolusu
Site Admin
Joined: 26 Nov 2002
Posts: 12378
Topics: 75
Location: San Jose
|
| Posted: Thu May 14, 2009 10:57 pm Post subject: |
|
|
ravi.alpha,
 how did error handling end up about standards for secure coding? You already opened a topic about secure coding and you did receive inputs from the 2 of the best programmers around. As mentioned in the security topic, you cannot relate everything in the open systems to mainframes.
All the examples you have quoted has got nothing to do with Error handling. Let me answer your concerns
| Quote: |
1. A Representative who works for a bank and he found a bug in the system which helped him to access all the Non public information. |
Unless you have a very poor RACF setup , I don't see how that is possible on MAINFRAME. The DB2/RACF authorizations aren't that easy to bypass. The only way I can see that happen is if he stole the password of a DBA/Systems programmer
| Quote: | | 2. Avoid Displaying the Non public information in sysout. |
This should be eliminated in unit/system testing. Any Job with sysout of more than 1k lines is to looked at and fixed. Also most commercial shops restrict the display to less than 2k Lines(abends are exception).
| Quote: |
3. Due to bad coding the user intentionally can make it to go into loop which can cause system outage. |
Again this is an issue which is nailed in the unit/system testing. If it passed that stage then you need to check your development process. Most job classes have cpu time limits. Commercial shops avoid the coding of time=1440 on job card. Most commercial shops have system monitoring where the operators are notified periodically about long running jobs and they contact the person responsible for the job.
IMHO you need spend time on coding an efficient/bug free code
Kolusu |
|
| Back to top |
|
|
ravi.alpha
Beginner
Joined: 31 Mar 2009
Posts: 18
Topics: 7
|
| Posted: Thu May 14, 2009 11:16 pm Post subject: |
|
|
kolusu,
I work for a customer and I have started coding some application in Cobol,Db2 and CICS. I have been questioned by customer 'What secure coding standards you are using while coding mainframe application' and similar question raised with respect to error handling. Now I am in a looking for secure coding standards for Cobol, CICS and Db2 application.
All the above senarios are my thinking. This might be a very basic thinking form my side. |
|
| Back to top |
|
|
|
|
|
FAQ
Search
Quick Manuals
Register
Profile
Log in to check your private messages
Log in
