× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. RPG400-L
  3. June 2009

Re: Access pc file from RPG program

Putting it in the registry doesn't solve the problem. The user could then export the registry keys and import them on another computer. Not especially difficult to do.

Not only that, in order to read the registry from RPG, you'd need to have Windows software that reads the registry information and sends it (via socket or similar tool) back to the i. Any hacker would see this registry key going over the Internet and would be able to replicate it.

Since you'd have to write a program on Windows to send the data over the network, why bother saving it to the registry? Why not just have the program calculate the value and send it over the network, why write it to disk first?

In any case, what you are considering is a huge security problem. Any time you let the PC decide for itself if it's allowed to connect, it's going to open an exposure. It's a simple matter of trust. In order to allow the PC to "authorize itself", your IBM i has to be able to TRUST that PC. You have to find a way to do that that ensures that it's not trusting the wrong PC -- a hacker's PC, for example. Or a disgruntled ex-employee's PC. How do you know which PCs you can or can't trust?

One way to establish trust is to restrict it by IP address. But you can't do that because of the whole "dual control" thing.

Another way is to use digital cryptographic keys. Give the PC a public key and you keep the private key. Have them send you something encrypted with the public key and verify that it matches the private key. If not, you have a problem, and you deny the connection. That's what technologies like SSL and SSH do.

But what you're trying to do (as far as I can tell... you don't seem to want to provide much description) is have the PC provide all of the authorizing by itself. If you do that, you're going to have to trust all PCs, since you'll have know way of knowing the legitimate PCs from the illegitimate ones. In that scenario, you'll always have a security hole. It doesn't matter if the data is stored in a file or in the registry or any other form of storage. As long as you put yourself in a situation of having to trust all PCs, you will have a security hole, because a hacker will be able to see what you're sending, and will be able to replicate it.


Chamara Withanachchi wrote:

In that case can I access pc registry from rpg program? We have few
issues with ssl and vpn.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.