× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2024

Re: Is there a process that would allow me to take control of an interactive session?

In the world of Sox (or ANY security-related process) that is an absolute no-no. Allowing someone else to log in to an active session ... can you not see what a massive security hole that creates? It is way worse than allowing debug in production.

There is only one correct fix - stop doing it!

As mentioned, there are design patterns that avoid this. A modernized version of one is detailed here: https://www.itjungle.com/2015/03/03/fhg030315-story01/ it is usually not too difficult to retrofit to an existing app.

P.S. I think the session adoption mechanism disappeared some time ago - one of the blocked instructions that were considered security risks. Probably been gone since at least V5.


Jon P.

On Jun 10, 2024, at 11:13 PM, a4g atl <a4ginatl2@xxxxxxxxx> wrote:

@Jack
In the world of SOX, your solution is not possible. The user management has
the last say and will not justify spending time on modifying code, Just too
much.

So the only solution is to access the job and respond on behalf of the user.

Darryl


On Mon, Jun 10, 2024 at 5:50 PM Jack Woehr via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

The transactional record-lock problem is classic!

The short answer is, "don't author transactional workflows that allow an
endpoint to lock and hold".

This is why the mainframe world has had CICS since the 1960's.

CICS/400 also exists but has almost completely disappeared.

There exist design patterns for creating well-behaved application
workflows.

If you have bad boy applications on your system, the sage advice is, "fix
them".

________________________________
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> on behalf of a4g
atl <a4ginatl2@xxxxxxxxx>
Sent: Monday, June 10, 2024 1:15 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Is there a process that would allow me to take control of an
interactive session?

From time to time, a user will be in the middle of entering something like
an order when they get distracted, walk away or go home and leave the
session at that point, locking one or more records and objects.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.