It is a security risk to allow any remote system to execute binaries on your
local machine, be it through a browser or through the Remedy user tool.  The
mid-tier workflow is managed by the same group of people that manage the
user tool workflow.  The risk model is the same.  Whether you use a thick
client that can call native libs or you wrap it in an ActiveX/applet, you
have the same exposure.  The only difference is the type of client in use.

Axton Grams

The opinions, statements, and/or suggested courses of action expressed in
this E-mail do not necessarily reflect those of BMC Software, Inc.  My
voluntary participation in this forum is not intended to convey a role as a
spokesperson, liaison or public relations representative for BMC Software,
Inc.


On Sat, Sep 11, 2010 at 10:00 PM, Daniel Condrea <
[email protected]> wrote:

> Hello all,
>
> It is a security risk to be able to execute something on the remote
> computer from a BROWSER.
>
> Calling an EXE is in the same category as DDE and OLE actions.
>
> This is the main reason I am an advocate of "ARS client". A ClickOnce of
> "ARS client" would be a better idea.
>
> Daniel Condrea
>
>  ------------------------------
> *From:* Action Request System discussion list(ARSList) [mailto:
> [email protected]] *On Behalf Of *Axton
> *Sent:* Friday, September 10, 2010 5:43 PM
> *To:* [email protected]
> *Subject:* Re: Substitute for RUNPROCESS in mid-tier.
>
> ActiveX and Java Applets are the options that I know of to execute
> client side executables.
>
> You may be able to do some things with Flash, but I'm not an expert with
> that product.
>
> You didn't indicate what you are trying to accomplish with the exe; there
> may be other approaches that make more sense than going the applet/ActiveX
> route.
>
> Axton Grams
>
> On Fri, Sep 10, 2010 at 7:36 AM, Frex Popo <[email protected]> wrote:
>
>> Dear listers,
>>
>> I have a run process which calls a .exe executable from the command line
>> and connects to a remote application to display some data. This is all fine
>> on the user client but obviously (and as the manual clearly states) it does
>> not work in the Mid-Tier.
>>
>> Anyone tried some simple alternative which DOES WORK?
>>
>> This is a 7.1 Patch 4 server and Mid-Tier.
>>
>> Many thanks in advance
>> frex