Thanks Scott for the tips and guide. I think it is better to stick to SSL/crypto.
I have already informed my company to install and configure SSL on our i, but they have not done so yet.
Last week we had a big problem because of this; my boss wanted a solution such as this dual control thing. Anyway, I will explain things to him.
Thanks for the support.
Apart from this, can I update/write data to a file on the C drive? I know I can do it with STRPCCMD, but can I do it from RPG?
Regards,
Chamara Withanachchi
IBM Certified Power System Expert
RPG Programmer (owner of www.rpgiv.info)
WWW.RPGIV.INFO
Mob: +971 50 5698644
Tel: +971 6 5595887
chamaraw@xxxxxxxxxx
www.rpgiv.info i want to be future ready. i want control. i want an i.
Sent from my BlackBerry® wireless device
-----Original Message-----
From: Scott Klement <rpg400-l@xxxxxxxxxxxxxxxx>
Date: Mon, 15 Jun 2009 13:58:07
To: RPG programming on the IBM i / System i <rpg400-l@xxxxxxxxxxxx>
Subject: Re: Access pc file from RPG program
Putting it in the registry doesn't solve the problem. The user could then export the registry keys and import them on another computer. Not especially difficult to do.
Not only that, in order to read the registry from RPG, you'd need to have Windows software that reads the registry information and sends it (via socket or similar tool) back to the i. Any hacker would see this registry key going over the Internet and would be able to replicate it.
Since you'd have to write a program on Windows to send the data over the network, why bother saving it to the registry? Why not just have the program calculate the value and send it over the network, why write it to disk first?
In any case, what you are considering is a huge security problem. Any time you let the PC decide for itself if it's allowed to connect, it's going to open an exposure. It's a simple matter of trust. In order to allow the PC to "authorize itself", your IBM i has to be able to TRUST that PC. You have to find a way to do that that ensures that it's not trusting the wrong PC -- a hacker's PC, for example. Or a disgruntled ex-employee's PC. How do you know which PCs you can or can't trust?
One way to establish trust is to restrict it by IP address. But you can't do that because of the whole "dual control" thing.
Another way is to use digital cryptographic keys. Give the PC a public key and you keep the private key. Have them send you something encrypted with the public key and verify that it matches the private key. If not, you have a problem, and you deny the connection. That's what technologies like SSL and SSH do.
But what you're trying to do (as far as I can tell... you don't seem to want to provide much description) is have the PC provide all of the authorizing by itself. If you do that, you're going to have to trust all PCs, since you'll have no way of knowing the legitimate PCs from the illegitimate ones. In that scenario, you'll always have a security hole. It doesn't matter if the data is stored in a file or in the registry or any other form of storage. As long as you put yourself in a situation of having to trust all PCs, you will have a security hole, because a hacker will be able to see what you're sending, and will be able to replicate it.
Chamara Withanachchi wrote:
In that case, can I access the PC registry from an RPG program? We have few issues with SSL and VPN.
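The replay problem described in the quoted reply above, as an added example that is not part of the original thread: a server that accepts a fixed value stored on the PC accepts the same value from anyone who observed it, while a per-session challenge answered with a key does not. It uses an HMAC shared-secret challenge-response from the Python standard library as a stand-in for the public-key handshakes of SSL/SSH; the device id, token value and class names are assumptions made up for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (not from the thread).
STATIC_TOKEN = "PC-0042-REGKEY-VALUE"               # fixed value read from the PC
DEVICE_KEYS = {"pc-0042": secrets.token_bytes(32)}  # key provisioned out of band


class StaticTokenServer:
    """Trusts whatever fixed value the PC presents."""

    def authorize(self, token: str) -> bool:
        return hmac.compare_digest(token, STATIC_TOKEN)


class ChallengeServer:
    """Issues a one-time nonce and checks a keyed response to it."""

    def __init__(self, keys):
        self._keys = keys
        self._pending = {}  # device id -> outstanding nonce

    def challenge(self, device_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return nonce

    def authorize(self, device_id: str, response: bytes) -> bool:
        nonce = self._pending.pop(device_id, None)  # each nonce is single use
        key = self._keys.get(device_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, nonce, hashlib.sha256).digest()


def replay_outcomes():
    """Return (static_replay_accepted, challenge_replay_accepted)."""
    # The same bytes a passive observer saw are presented a second time.
    static_ok = StaticTokenServer().authorize(STATIC_TOKEN)
    server = ChallengeServer(DEVICE_KEYS)
    nonce = server.challenge("pc-0042")
    captured = client_response(DEVICE_KEYS["pc-0042"], nonce)
    assert server.authorize("pc-0042", captured)  # the legitimate login
    server.challenge("pc-0042")                   # next session: fresh nonce
    return static_ok, server.authorize("pc-0042", captured)
```

The challenge only proves possession of the key; the session data still needs an encrypted channel such as SSL, and the key on the PC has to be stored where it cannot simply be exported.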
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.