Re: Questions on "Calling PC Commands from RPG" article

[Dan <dan27649@xxxxxxxxx>]

Hi Tim,

I got your example to work, but embedded blanks in the subject and/or body
are problematic.

Gonna look at this again next week.

Thanks,
Dan

On 10/27/05, Hatzenbeler, Tim <thatzenbeler@xxxxxxxxxxxxx> wrote:
>
> Dan did you ever get the mailto to work withen java...
>
> If not, this should work...
>
> c* eval data = 'notepad.exe'
>
> c* eval len = 500
>
> /free
>
> data = 'cmd /c start mailto:somebody@xxxxxxxxxxxxx?subject=something';
>
> len = 500;
>
> /end-free
>
>
>
> c eval key = 'xxx.xx.21.95'
>
> c eval keyln=20
>
>
> tim
>
> -----Original Message-----
> From: midrange-l-bounces@xxxxxxxxxxxx
> [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Dan
> Sent: Thursday, October 27, 2005 2:24 PM
> To: Midrange Systems Technical Discussion
> Subject: Re: Questions on "Calling PC Commands from RPG" article
>
> On 10/27/05, Scott Klement <midrange-l@xxxxxxxxxxxxxxxx> wrote:
> >
> > > Case on password is important.
> > > Didn't find any error log when PC command failed for any reason.
> >
> > RUNRMTCMD creates a spooled file that contains any output (including
> > errors) from the PC command.
>
>
> Found it! Good to know!
>
> > 'start notepad' works, but 'start notepad.exe' does weird stuff.
> > > Have to find out if RMTUSER & RMTPWD can be omitted (usage to be
> > confined
> > > within a user application issuing the RUNRMTCMD; if the user is
> > > running
> > the
> > > application, the RUNRMTCMD is valid for the user.)
> >
> > There's no way the Windows server can know if the iSeries user is
> > running a particular application. Remember, securing the client-side
> > of the connection doesn't really help you. Anyone (unless blocked by a
> > firewall) can run commands on the incoming remote command service from
> anywhere.
> >
> > A Windows or Unix user can use the rexec command, which is similar to
> > the RUNRMTCMD command to execute commands on the Windows PC. Indeed,
> > even from the iSeries, you could use rexec in QShell, or the rexec()
> > API from an application. Or if they can't do any of that, they can
> > always write their own rexec program.
> >
> > The only thing keeping it relatively secure is that they have to
> > supply a valid userid/password. Think carefully before you remove that
> > restriction!
>
>
> Obviously good points. I guess I see the beauty of the security in the
> Java
> solution. It takes commands only from an iSeries data queue which, I
> believe, can be locked down fairly securely. Locked down as in it's
> possible
> to restrict who can send a DQE and perhaps even restrict the
> application(s)
> that can do it. Please someone tell me if I'm wrong on that.
>
> On the rexec side of the security equation, it seems less clear to me. I
> know I've seen warnings about this in the past, but I've never pursued it
> much prior to yesterday.
>
> - Dan
>
> -
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
> unsubscribe,
> or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
> moment to review the archives at http://archive.midrange.com/midrange-l.
>
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>