Protecting Remote Files

The CANDE and Transaction Server message control systems (MCSs) each provide you with the ability to protect remote files from use by foreign processes.

Protecting remote files can prevent users from writing programs that read information entered at another user terminal unless the other user explicitly gives permission for this operation. Protecting remote files can also prevent processes from writing to other terminals without first gaining similar permission.

CANDE Remote Files

Use the following CANDE operations commands to protect each remote printer in a CANDE network from the actions of files external to the station.

To provide protection, also make the station a LOGIN station.

?OP Command

The CANDE operations ?OP command permits interrogation and setting of a number of options. Two of those options pertain to the current discussion:

?OP Command Option    Meaning
ALLLOGIN              A “foreign” file can be opened at a station only if the station is logged on to the system.
DIALLOGIN             A foreign file can be opened at a dial-in station only if the dial-in station is logged on to the system.

The effect of the DIALLOGIN or ALLLOGIN option is apparent only when stations are initialized by CANDE. This initialization process takes place when one of the following events occurs:

  • CANDE is initialized.

  • A station is received by transfer from another MCS.

  • The operator uses a ?SAVE network control command to save a station.

  • The operator uses a ?READY network control command to ready a station inhibited by errors.

?LAISSEZFILE Command

This command concerns foreign remote files—that is, files opened by tasks not initiated at the station. The command enables you to regulate how foreign remote files from one program can communicate with other stations—called target stations in this guide—in the CANDE network. Regulation can include the following procedures:

  • The interaction can be announced (identified) at the target station.

  • The interaction can be limited to one job at a time, either for all target stations or for those target stations currently logged on to the host.

  • The interaction can be made subject to the permission of the target-station user.

Override Values

Any value previously set using this command can be overridden by the SECOPT CANDE LAISSEZFILE command.

When the CLASS security option is set to S0, S1, or S2, the CANDE LAISSEZFILE option must be set using the SECOPT command. The option cannot be set from a control station.

Refer to Security Configuration for information about the SECOPT command.

When the indicated integer is designated for the ?LAISSEZFILE command, regulation of remote-file communication is as follows.

Integer    Regulation of Interaction
0          Announced; limited to one job for all stations; subject to user permission.
1          Announced; limited to one job for logged-on stations; subject to user permission.
2          Announced; limited to one job for all stations; not subject to user permission.
3          Announced; limited to one job for logged-on stations; not subject to user permission.
4          Not announced; limited to one job for all stations; not subject to user permission.
5          Not announced; limited to one job for logged-on stations; not subject to user permission.
6          Not announced; not limited to one job; not subject to user permission.

Notes:
  • To minimize the chances of a remote file gaining, as input, information the user of a station did not intend to give, it is good practice to designate both DIALLOGIN and ALLLOGIN for the CANDE network control command ?OP. This step prevents problems such as a program designed to imitate a log-on screen opening a remote file on a terminal and obtaining a user password when the user logs on.

  • It is also advisable to use the ?LAISSEZFILE command to assign the CANDE option LAISSEZFILE the value zero. Doing so ensures that a user is always informed when a foreign remote file is attempting communication with that user's station.

  • Finally, it is good practice to limit communication to stations that are logged on, and such communication should be subject to user approval.

LOGIN Stations

A LOGIN station requires a user to be logged on before any REMOTE file can be opened. In addition, CANDE requests a usercode of any LOGIN station whenever communication is established between CANDE and the station.

Transaction Server Remote Files

When a process attempts to open a remote file at a station that is controlled by the Transaction Server MCS, Transaction Server opens a dynamic window for the station. A user of the station receives a message indicating the name of the remote file, the usercode of the process opening the file, and the name of the program.

No input from or output to the station is sent unless the user of the station enters a ?ON <window name> command, where in place of <window name> the user enters the dynamic window name that Transaction Server has defined. The user must, in effect, give permission before a “foreign” program can read from or write to his or her station.

There is one exception to the permission requirement: if the process requesting the remote-file open was initiated from MARC and the remote station to be opened is the station where the process was initiated, MARC automatically changes the window to the just-opened dynamic remote-file window.