× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2005

Re: Questions on "Calling PC Commands from RPG" article

On 10/27/05, Scott Klement <midrange-l@xxxxxxxxxxxxxxxx> wrote:
>
> > Case on password is important.
> > Didn't find any error log when PC command failed for any reason.
>
> RUNRMTCMD creates a spooled file that contains any output (including
> errors) from the PC command.


Found it! Good to know!

> 'start notepad' works, but 'start notepad.exe' does weird stuff.
> > Have to find out if RMTUSER & RMTPWD can be omitted (usage to be
> confined
> > within a user application issuing the RUNRMTCMD; if the user is running
> the
> > application, the RUNRMTCMD is valid for the user.)
>
> There's no way the Windows server can know if the iSeries user is running
> a particular application. Remember, securing the client-side of the
> connection doesn't really help you. Anyone (unless blocked by a firewall)
> can run commands on the incoming remote command service from anywhere.
>
> A Windows or Unix user can use the rexec command, which is similar to the
> RUNRMTCMD command to execute commands on the Windows PC. Indeed, even
> from the iSeries, you could use rexec in QShell, or the rexec() API from
> an application. Or if they can't do any of that, they can always write
> their own rexec program.
>
> The only thing keeping it relatively secure is that they have to supply a
> valid userid/password. Think carefully before you remove that
> restriction!


Obviously good points. I guess I see the beauty of the security in the Java
solution. It takes commands only from an iSeries data queue which, I
believe, can be locked down fairly securely. Locked down as in it's possible
to restrict who can send a DQE and perhaps even restrict the application(s)
that can do it. Please someone tell me if I'm wrong on that.

On the rexec side of the security equation, it seems less clear to me. I
know I've seen warnings about this in the past, but I've never pursued it
much prior to yesterday.

- Dan

-

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.