Re: F$GETJPI doesn't match SHOW PROCESS/ACCOUNTING
- From: "Richard Maher" <maher_rj@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 1 Mar 2007 20:50:59 +0800
Hi David,
Depends - how easy is it to automate?
The server side? It's extremely easy! (One configuration-file record per
application) On the client side you've got a scripting language(s) and what
you do with it is up to you. I open up the application private, full-duplex
conduit and TP capability between your proven VMS 3GL development and
run-time environment and any front-end (in this case html and Javascript in
a Browser) what you choose to send down the line is your business
If you are willing to invest a small amount of your time (I certainly am)
then I suggest that I help you install an evaluation copy of Tier3 and then
get that html/javascript/java example functioning before your very eyes.
It's really quite easy, and a working example paints a thousand newsgroup
posts.
If you'd like to know a little more first, then please look at my last two
entries (27/28 Feb - with code attached) in the following ITRC thread: -
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1071300.
All you *have* to do is the html/Javascript/COBOL(3GL)! (The Java is just
"If you want to")
Given how dangerous this stuff is (requires privilege), I don't thinkmaking it
"point-and-click" playtime is really appropriate.
With Tier3 applications, you choose the default user name that execution
server processes will be created under. (I must stress here that Tier3
places *no* requirement on this username to have *any* privileges!) If your
application-specific functionality requires this username to have elevated
privileges then that's up to you. Alternatively, what I *do* give you is the
T3$PERSONA_ASSUME System Service that allows your server code (once again
without privileges) to assume the persona/rights/privileges of the client on
whose behalf your server is performing this unit of work.
For example, look at my example Cobol code DEMO_UARS.COB in the above
thread. I call T3$persona_assume at the end of the User_Logon routine so
that the User_Recv routine executes as the client would, until I
SYS$persona_assume(iss$c_id_natural) in the User_Logoff routine. The net
result is that the Client *only* gets to see/modify those queue entries that
VMS (and no one else!) says they are entitled to see.
When the html page is first displayed in the browser my Java Applet pops up
a Modal Dialog box for Username and Password. If you get it wrong an "Access
Denied" page is displayed, your UAF record has Log Fails incremented, and
Intrusion Detection is persued in line with your System Manager's policy. If
you get it right Log Fails is initialized and Last Non-Interactive login
time is updated. Whatsmore, if you left the "Login Confirmation" checkbox
ticked on the first dialog box then a second dialog box is displayed
informing you of last login times and number of failures since last
successful login. The second you change pages (or refresh the current page)
in the browser, then the connection is dropped and you'll have to login
again. Sound good so far?
The only thing to mention is that it doesn't have SSL at the moment, so I
wouldn't walk into you local internet cafe and enter the system password,
but in a VPN or IPsec or Intranet situation you may wish to consider it.
(The VMS OpenSSL code is C and so crap I've been loathe to look at it :-(
Much easier for you on the Java side though :-)
Regards Richard Maher
PS> See the attachment to the 4th note (my second) to the above thread on
Oct 26, 2006 for a complete description of Tier3 and, in particular,
T3$PERSONA_ASSUME.
PPS> Note to self: - Does Java re-initialize collected memory? Better stomp
on password after it's sent.
"David J Dachtera" <djesys.no@xxxxxxxxxxxxxxxx> wrote in message
news:45E62F00.580D5CEF@xxxxxxxxxxxxxxxxxxx
Richard Maher wrote:presumably
Hi David,
It looks like you're doing this que lookup stuff in DCL and are
making itvery happy with it. But I'm just curious to know if using a html and
Javascript front-end was as easy as below, whether you'd consider using
that.
Depends - how easy is it to automate?
Given how dangerous this stuff is (requires privilege), I don't think
"point-and-click" playtime is really appropriate.
--
.
- References:
- Re: F$GETJPI doesn't match SHOW PROCESS/ACCOUNTING
- From: David J Dachtera
- Re: F$GETJPI doesn't match SHOW PROCESS/ACCOUNTING
- Prev by Date: Re: Is it possible to boot OpenVMS from an IDE disk on an ES40?
- Next by Date: Re: Can Samba be used to access Windows files on VMS
- Previous by thread: Re: F$GETJPI doesn't match SHOW PROCESS/ACCOUNTING
- Next by thread: SWAT using Samba v3 on VMS8.2
- Index(es):
Relevant Pages
|
