× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Sorry I haven't followed this thread completely, but is it possible that the end-user at "home" (which leads me to believe that anything goes) could have a Mac or Unix computer, not a PC?

-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx [mailto:rpg400-l-bounces@xxxxxxxxxxxx] On Behalf Of Loyd Goodbar
Sent: Monday, June 15, 2009 12:41 PM
To: RPG programming on the IBM i / System i
Subject: Re: Access pc file from RPG program

One of the problems, and the reason everyone is offering alternate
suggestions, is the additional control resides on the user's computer, and
can potentially be examined, scrutinized, changed, copied, or deleted by the
user. For instance, if a user has "admin rights" to their machine, all bets
are off, it is just like signing on with *SECOFR class; they can do whatever
they desire to the machine.

"Obviously" this can be somewhat secured with group policy or whatnot.

How about some other items that may be less subject to change than an INI
file?
* MAC address (can be cloned or changed)
* Machine name / DNS name of client (can be changed)
* Client certificates, machine specific.

Another idea is machine specific PKI. Now this is something that could be on
the user's machine, but if changed would render useless any application
control.

This is a problem many people (and vendors) have tried to resolve with
differing levels of success. Personally, some kind of machine specific key
(PKI, or SHA-1 hash of some information *that can be indepently duplicated
and verfiied*) seems like a better idea.

For example, take a SHA-1 hash of the user's *assigned* IP address, MAC
address, and machine/DNS name. Store that in the database (server). Assuming
(I know a big IF) this information is available during the 5250 signon
process, the i5/OS can dynamically calculate the hash. You could store the
hash on the PC, but it would only be a *verification* not a *validity*
mechanism.

I don't have a good answer for this. Any time you store something on the
user's machine, consider it suspect!!

--Loyd



On Mon, Jun 15, 2009 at 12:16 PM, Chamara Withanachchi
<chamaraw@xxxxxxxxxx>wrote:

Ip + this pc based .ini file or access pc register

.Ini file contains a unique key for the pc

Then I have dual control.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.