Re: Processing Ideas Needed:
- From: "Richard Maher" <maher_rj@xxxxxxxxxxxxxxxxxx>
- Date: Sun, 26 Aug 2007 15:00:47 +0800
Hi Wilm,
Bob G. has explained this: put an ACL on the executable file, and issue
the pertaining identifier only to that one user.
You'll have to forgive me as I rarely pay much attention to anything Bob G
has to say (especially stuff such as "Shareable image installed with the
needed privilege.") but when it comes to the application of your/Bob's
solution to Chuck's problem, can I ask you to clarify a couple of things for
me: -
1) How does Chuck's Webserver assume the "only (1) particular user id", and
the associated identifier, whilst handing over to the image activator in
order to run the Executable installed with privs?
2) Does it create, and rundown, a new VMS process for each client request?
3) Does it use some dodgy inner-mode personae that manages to survive image
rundown?
4) Does it keep the process lying around in case the (1) user id is needed
again?
5) Where does the logfile go?
6) Have non-interactive logins for (1) user id been clicked over?
7) How does the success (Job entry number, perhaps pending status, or
execution queue) or failure get returned to the user?
8) If (1) user id decides to submit the job again, does he have to enter his
username/password again or is it held in some dodgy cookie or session
variable?
9) What sort of expiration time do you put on that crap?
10) What window of opportunity for Session Hijacking is good/small enough?
Yep, welcome to VMS development! What have we had so far? FAL jobs with
proxy usernames, Cookies, Session IDs, New processes (let alone image
activation) for each request, and polling for file existence. (I'll throw in
the inevitable "Use ODBC and an external function to submit the batch
job and put an ACL on the function") All of this brought to you via HTTP and
a codepath that would tempt Alexander the Great to reach for his sword!
Funnily enough, I suspect that all Chuck wanted was a RPC.
Hey, there's a thought! Where are the SOA guys and the brave new world of
WSIT? Gentlemen, this is your chance to shine! Get out here and show Chuck
what you've got. All he wants to do is submit a simple bloody batch job; how
much XML, WSDL, and Java can that take?
HP is paying you a fortune to sit on your arses reading manuals on Service
Oriented Architecture, and to port a whole lot of crap to VMS that nobody
wants; perhaps you might wish to show some fruits for all of the investment?
Cheers Richard Maher
"Wilm Boerhout" <w5OLD.PAINTboerhout@xxxxxxxxx> wrote in message
news:46ce68f1$0$25476$ba620dc5@xxxxxxxxxxxxxxxxxxxxxx
on 24-8-2007 1:24 Richard Maher wrote...
Hi Chuck,
[snip]
Cheers Richard Maher
PS. If you go the Installed image route then you may want to ask how you
restrict Execute access to it to your "only 1" specific user.
Bob G. has explained this: put an ACL on the executable file, and issue
the pertaining identifier only to that one user.
/Wilm