|
Jim, I have the PC program pass in user ID and password. Then call API QSYGETPH see http://as400bks.rochester.ibm.com/pubs/html/as400/v4r5/ic2924/index.htm?info/apis/QSYGETPH.htm without allowing the special password cases or qsecofr. If that is ok then I submit (under that user profile passed in) a sockets program to listen on a port that is unique for that submit. And I will do that even if I can not get the parm thing to work. The service program was the route I was going, but I thought I would give this a shot with the calling programs with different parms. I was having them pass in the user id, password and program to call, then my submit looked at the program name and submitted a sockets program to do the call. It still seams a waste to me to have to write a sub procedure for every RPG call (I think two sub procedure one in the main program and one in the submitted program, still not a lot of work) . Now I might find that it takes a lot on the PC side every time that the 4 to 10 lines on the AS/400 side are not so bad. But I am hoping to write an activex component on the PC side, to make that easier. If you see any other flaws let me know. Thanks John Ross At 03:17 PM 7/3/01 -0700, you wrote: >[snip] >Now some what ifs. > >Oh, cool, your AS/400 has this socket program to run programs and accept >parameters. I'll just right a real quick socket program on a PC and have >it run the API to change my authority, or create a new user profile with >*ALLOBJ, or open up the FTP port so I can FTP in, or have it dump the >QSYSOPR user profile so I can brute force the password or... You just >blew security wide open. > >I think it would be better to write one program for each AS/400 program >you want to run, or validate the list of programs. As for copying the >sockets source code this is perfect for writing a module and putting in >a service program. Code your socket program so it accepts parameters >such as what program to run. Test it, put in in a subprocedure, compile >in a module and create a service program. > >Now, write a very small RPG program that calls this subprocedure and >passes it the port number to listen to and the program to run, or whatever >you want. Now you can control the flow security wise more easily, and >you don't have to rewrite the socket program every time. I envision the >RPG program that call the socket to listen and run the program to be maybe >4 to 10 lines long en-total. > >Something like: > >C Eval SocketPort = 12333 >C Eval RunProgram = 'ARRPT01' >C CallP RunSocketListener(SocketPort, RunProgram) > >Regards, > >Jim Langston +--- | This is the RPG/400 Mailing List! | To submit a new message, send your mail to RPG400-L@midrange.com. | To subscribe to this list send email to RPG400-L-SUB@midrange.com. | To unsubscribe from this list send email to RPG400-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
