Re: [U2] [UV/Windows] Authentication / encryption issues

2004-06-06 Thread Eugene Perry
You might check with Pete at Accusoft to see if Accuterm will do SSH.

Eugene

- Original Message - 
From: pukunui [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 04, 2004 8:33 PM
Subject: [U2] [UV/Windows] Authentication / encryption issues


 Dear U2 Gurus,
 
 I am starting to think about improving the security of our Windows-hosted,
 UV-based systems against internal snooping or attack. External influences
 are less of an issue, we can always encrypt any traffic either via a VPN
 tunnel (for the Internet) or by installation of encryption hardware covering
 point-to-point network links.
 
 There are four different sorts of vulnerability I am considering:-
 * Snooping of Telnet traffic
 + Does IBM or anyone else offer, or plan to offer, an 
 SSH-enabled telnet server for UV on Windows?
 + The MS Windows Telnet server offers NTLM authentication 
 to avoid sending user ID & password in plain text, but
 not a SSH encryption of session traffic.
 + At least at UV version 10.1, it doesn't look like IBM 
 provides anything in this area
 
 * Snooping of UniObjects traffic
 + This is much less of a problem as the traffic is all
 server-to-server inside a single rack in the computer
 room.  There is little opportunity to gain access to
 a cable segment with the traffic on it.
 + Still, it would be nice to be able to encrypt the traffic
 
 * UV/net
 + UV/net stores user credentials (UserID AND password)
 in plain text in the ENVironment string. Absurd but
 true!  This makes UV/net a major security risk
 + Does IBM have any plan to address this?
 
 * The unauthorised developer menace.
 + Our systems used to be pretty well segregated, but now 
 we're looking at 'server consolidation', and the same 
 server may well have, say, Payroll and Inventory systems 
 on it
 + How could we stop, say, an Inventory developer writing a 
 program, apparently part of the Inventory suite, but which
 actually calls a (pre-existing) Payroll component which he
 (or she) misuses to find out details of stuff they're not 
 supposed to know about?
 + Development is in VS.NET, using mostly VB and a little C#
 + Since we want developers to share tools, techniques and
 code libraries in order to get the best efficiencies we
 can in the development process, the only alternatives
 for management may be either to [GAARK!] trust the 
 programmers, or to completely segregate the Development 
 environment from Test & Production, and bulk up the QA 
 side to make as close to certain as possible that the 
 Production code does only, and exactly, what it's supposed
 to. Sounds expensive!
 ---
 u2-users mailing list
 [EMAIL PROTECTED]
 To unsubscribe please visit http://listserver.u2ug.org/


RE: [U2] [OT]Postscript to a Laser on Dumb Term Aux Port

2004-06-06 Thread Don Kibbey
I would go with the HP printers.  The $99 dollar printer may be a windows
only device that relies on the host cpu to do most of the processing.  This
could be more problematic than the spooler.

We switched from pcl only printers to combos that are capable of both pcl
and postscript a couple of years ago.  We found that printing large volumes
of pdf files to a pcl only printer was slower than if the same model printer
had a postscript driver.  We did not take the time to figure out exactly
why, we just switched.  (I work for lawyers who are just as impatient as
furniture buyers :-) 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anthony Dzikiewicz
Sent: Saturday, June 05, 2004 9:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [U2] [OT]Postscript to a Laser on Dumb Term Aux Port

Much has been considered.  These are retail cashiering stations that we are
talking about.  One central printer would be my next choice.  The only thing
that can go wrong is that the printer hangs and the whole front counter is
dead.  When the printer runs out of paper, or toner or the drum, or what
have you, they would panic, because the light would be blinking and they
wouldn't know what to do (these guys really aren't too bright and would
always rather have the other guy fix the problem). It will lead to a
situation where the printer gets disabled at the unix level and has to be
enabled (easy for you and me, but a mountain for these guys).  Mind you all
this is happening in a retail environment with customers waiting for
receipts (ever been in a supermarket when the receipt printer jams - what if
that was one printer for the whole market).  This isn't good. The spooler is
the obstacle that I'm trying to avoid. I started to think of the cheapest,
easiest, uncomplicated way to go about doing this. This is to continue doing
the same thing that has worked flawlessly for about 15 years. The reason for
going to laser is to eliminate preprinted forms, which saves substantial
cash.  I originally believed that the $99 laser I had did postscript.  If it
did, I would be golden.  It doesn't.  It does do PCL4.  So, my next avenue
to explore is to convert the postscript to PCL4 or convert the PDF being
created directly to PCL4.  Currently, the preprinted forms/Epson arrangement
is doing straight ascii printing.  We have started using the Cross PDF
package and we are converting everything to PDF. We are eliminating pre
printed forms wherever they exist.  If all of this ends up not working, then
I will go with the spooled printer solution.  Then I have to create a bunch
of menu options to allow users to view the status of the spooler and printer
- is lpd running, is the printer disabled, is there a lock file that needs
to be cleaned up.  I don't look forward to this. The dumb terminal cost
about $350 w/kybd new.  The laser I'm considering is $99.  The cheapest laser
that does postscript (that I know of yet) is the hp 2100 about $400. I'm open
to anything that is completely simple and cheap.  I have brought up the idea
of thermal printers like they use in Best Buy, etc... nobody likes em.  We
are a furniture store and the appearance of this just doesn't fit
considering the average ticket is about $1500 and some substantially more.
The owner likes something a little more elegant. So, now you know a little
more about the environment what do you think?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tony Gravagno
Sent: Saturday, June 05, 2004 5:08 PM
To: [EMAIL PROTECTED]
Subject: RE: [U2] [OT]Postscript to a Laser on Dumb Term Aux Port

Personally I'd recommend that you reconsider the architecture that you're
trying to build, rather than reconsidering the specific devices that you're
trying to fit into that architecture.  I'm reading square pegs and round
holes here.

Dumb terminals were designed when we didn't have anything better.  Do you
really want to hang many laserjets around on dumb terminals that cost less
than the printers themselves?  Do each of your end-users really require
exclusive access to a laserjet?  And do you really need to manually generate
a lot of PCL?

I understand the needs of smaller sites and that it's not easy to drag new
cables around for a new printer, etc.  These days a wireless setup will cost
as much as the $100 manual that someone proposed.  And it's much easier to
generate XML or HTML and export it as PDF, or use some other more text-based
methods that result in high quality printed output.

I'm just suggesting that you think outside of the box for a moment and
consider something different than what the site already has, rather than
just replacing old methods with new hardware.

Good luck,
Tony

From Anthony Dzikiewicz
 I think you're right.  I assumed that this is postscript printer.  We
have always used this with windows and could print postscript, but it
is being converted.  I guess I should start over with a real
postscript

RE: [U2] [UV] CONVERT.SQL (UV files SQL tables)

2004-06-06 Thread Ray Wurlod
When you convert a hashed file into an SQL table, as well as creating entries in 
UV_TABLES, UV_COLUMNS, UV_ASSOC system tables and the file's security and integrity 
constraints area (SICA), you also create an implicit grant of all privileges to 
public.  Once you apply any explicit grant, the implicit one is removed.
So, no, you're not doing anything wrong and, yes, you will need to grant whatever 
table privileges other, non-SQL users, require.

The nice thing is, you can now grant SELECT and UPDATE privilege to specific columns 
on a per-user basis, so you have much finer granularity in your security model.

There is one possible loophole.  The OPENCHK tunable parameter allows BASIC programs 
to bypass SQL integrity checking; it may (I've never tried it) also allow BASIC 
programs to bypass SQL security checking.


RE: [U2] [OT]Postscript to a Laser on Dumb Term Aux Port

2004-06-06 Thread Robert Colquhoun
Hello Anthony,
At 11:31 AM 6/06/2004, Anthony Dzikiewicz wrote:
> Much has been considered.  These are retail cashiering stations that we are
> talking about.  One central printer would be my next choice.  The only thing
> that can go wrong is that the printer hangs and the whole front counter is
> dead.

Don't share a printer between more than 2 lanes - the time it takes for the 
cashier to walk over to get the printout becomes too much.  They also can 
easily mix up receipts at busy times.

> When the printer runs out of paper, or toner or the drum, or what
> have you, they would panic, because the light would be blinking and they
> wouldn't know what to do (these guys really aren't too bright and would
> always rather have the other guy fix the problem).

Write a 2-3 page instruction sheet on printer errors.

> It will lead to a
> situation where the printer gets disabled at the unix level and has to be
> enabled (easy for you and me, but a mountain for these guys).  Mind you all
> this is happening in a retail environment with customers waiting for
> receipts (ever been in a supermarket when the receipt printer jams - what if
> that was one printer for the whole market).

Modern receipt printers are getting better at this; most thermals have a 
fairly straight paper path for the receipt roll.  Best tactic if possible 
is to have a spare lane to move the customers across to.

> This isn't good. The spooler is
> the obstacle that I'm trying to avoid. I started to think of the cheapest,
> easiest, uncomplicated way to go about doing this. This is to continue doing
> the same thing that has worked flawlessly for about 15 years.

People often get quite sentimental about old computer systems, the faults 
become so ingrained the users can no longer see them, the users get molded 
to fit the system.

When talking about how good a system is always ask the new employees; they 
have a better perspective on the relative merits.

> The reason for
> going to laser is to eliminate preprinted forms, which saves substantial
> cash.  I originally believed that the $99 laser I had did postscript.  If it
> did, I would be golden.  It doesn't.  It does do PCL4.  So, my next avenue
> to explore is to convert the postscript to PCL4 or convert the PDF being
> created directly to PCL4.

Postscript requires more memory than pcl, it used to be I think that they 
also paid a royalty to adobe.   But those things are fading as memory is 
now very cheap and I think they use 3rd party emulations (i.e. like 
ghostscript) to rasterize the document.

I did a quick search on http://froogle.google.com/ there was a Brother 
Laser printer 1450N with postscript for a little over $200.

Network printers are also faster than slave printing with serial and 
perhaps parallel or usb.  With network printers you can also quickly 
redirect the receipts to another lane if one printer stuffs up.

> Currently, the preprinted forms/Epson arrangement
> is doing straight ascii printing.  We have started using the Cross PDF
> package and we are converting everything to PDF. We are eliminating pre
> printed forms wherever they exist.  If all of this ends up not working, then
> I will go with the spooled printer solution.  Then I have to create a bunch
> of menu options to allow users to view the status of the spooler and printer
> - is lpd running, is the printer disabled, is there a lock file that needs
> to be cleaned up.  I don't look forward to this. The dumb terminal cost
> about $350 w/kybd new.  The laser I'm considering is $99.  The cheapest laser
> that does postscript (that I know of yet) is the hp 2100 about $400.

We use the hp1200N, not as cheap but fairly fast and reliable both of which 
imho are more important than the purchase price.

> I'm open
> to anything that is completely simple and cheap.  I have brought up the idea
> of thermal printers like they use in Best Buy, etc... nobody likes em.  We
> are a furniture store and the appearance of this just doesn't fit
> considering the average ticket is about $1500 and some substantially more.
> The owner likes something a little more elegant. So, now you know a little
> more about the environment what do you think?

$1500 tickets being printed on a $100 laser?  So if you print 50 tickets a 
day = $75000, so if your printer dies for a day cause you went for too 
cheap without a maintenance agreement or backup printer that has cost the 
company $75k in sales.  I imagine cause each ticket is so large you are not 
printing a huge number, the printer warmup time will be important; if you 
choose the wrong printer then each customer could be waiting an additional 
10 seconds for the receipt.

If your main computer goes down your dumb terminals are history and you 
might have to close the store till it is fixed.  If you replace with PC's 
which are cheaper than your dumb terminals you can run a local pc point of 
sale software in the event of your main machine failure.

Secondly printer running costs usually outflank the purchase price - try to 
work out the current running costs