Re: [U2] [UV/Windows] Authentication / encryption issues
You might check with Pete at Accusoft to see if Accuterm will do SSH.

Eugene

----- Original Message -----
From: pukunui [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 04, 2004 8:33 PM
Subject: [U2] [UV/Windows] Authentication / encryption issues

Dear U2 Gurus,

I am starting to think about improving the security of our Windows-hosted, UV-based systems against internal snooping or attack. External influences are less of an issue, we can always encrypt any traffic either via a VPN tunnel (for the Internet) or by installation of encryption hardware covering point-to-point network links.

There are four different sorts of vulnerability I am considering:-

* Snooping of Telnet traffic
  + Does IBM or anyone else offer, or plan to offer, an SSH-enabled telnet server for UV on Windows?
  + The MS Windows Telnet server offers NTLM authentication to avoid sending user ID password in plain text, but not a SSH encryption of session traffic.
  + At least at UV version 10.1, it doesn't look like IBM provides anything in this area
* Snooping of UniObjects traffic
  + This is much less of a problem as the traffic is all server-to-server inside a single rack in the computer room. There is little opportunity to gain access to a cable segment with the traffic on it.
  + Still, it would be nice to be able to encrypt the traffic
* UV/net
  + UV/net stores user credentials (UserID AND password) in plain text in the ENVironment string. Absurd but true! This makes UV/net a major security risk
  + Does IBM have any plan to address this?
* The unauthorised developer menace.
  + Our systems used to be pretty well segregated, but now we're looking at 'server consolidation', and the same server may well have, say, Payroll and Inventory systems on it
  + How could we stop, say, an Inventory developer writing a program, apparently part of the Inventory suite, but which actually calls a (pre-existing) Payroll component which he (or she) misuses to find out details of stuff they're not supposed to know about?
  + Development is in VS.NET, using mostly VB and a little C#
  + Since we want developers to share tools, techniques and code libraries in order to get the best efficiencies we can in the development process, the only alternatives for management may be either to [GAARK!] trust the programmers, or to completely segregate the Development environment from Test Production, and bulk up the QA side to make as close to certain as possible that the Production code does only, and exactly, what it's supposed to. Sounds expensive!

---
u2-users mailing list
[EMAIL PROTECTED]
To unsubscribe please visit http://listserver.u2ug.org/
RE: [U2] [OT]Postscript to a Laser on Dumb Term Aux Port
I would go with the HP printers. The $99 dollar printer may be a windows only device that relies on the host cpu to do most of the processing. This could be more problematic than the spooler.

We switched from pcl only printers to combos that are capable of both pcl and postscript a couple of years ago. We found that printing large volumes of pdf files to a pcl only printer was slower than if the same model printer had a postscript driver. We did not take the time to figure out exactly why, we just switched. (I work for lawyers who are just as impatient as furniture buyers :-)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Anthony Dzikiewicz
Sent: Saturday, June 05, 2004 9:31 PM
To: [EMAIL PROTECTED]
Subject: RE: [U2] [OT]Postscript to a Laser on Dumb Term Aux Port

Much has been considered. These are retail cashiering stations that we are talking about. One central printer would be my next choice. The only thing that can go wrong is that the printer hangs and the whole front counter is dead. When the printer runs out of paper, or toner or the drum, or what have you, they would panic, because the light would be blinking and they wouldn't know what to do (these guys really aren't too bright and would always rather have the other guy fix the problem). It will lead to a situation where the printer gets disabled at the unix level and has to be enabled (easy for you and me, but a mountain for these guys). Mind you all this is happening in a retail environment with customers waiting for receipts (ever been in a supermarket when the receipt printer jams - what if that was one printer for the whole market).

This isn't good. The spooler is the obstacle that I'm trying to avoid. I started to think of the cheapest, easiest, uncomplicated way to go about doing this. This is to continue doing the same thing that has worked flawlessly for about 15 years. The reason for going to laser is to eliminate preprinted forms, which saves substantial cash.

I originally believed that the $99 laser I had did postscript. If it did, I would be golden. It doesn't. It does do PCL4. So, my next avenue to explore is to convert the postscript to PCL4 or convert the PDF being created directly to PCL4.

Currently, the preprinted forms/Epson arrangement is doing straight ascii printing. We have started using the Cross PDF package and we are converting everything to PDF. We are eliminating pre printed forms wherever they exist. If all of this ends up not working, then I will go with the spooled printer solution. Then I have to create a bunch of menu options to allow users to view the status of the spooler and printer - is lpd running, is the printer disabled, is there a lock file that needs to be cleaned up. I don't look forward to this.

The dumb terminal cost about $350 w/kybd new. The laser I'm considering is $99. The cheapest laser that does postscript (that I know of yet) is the hp 2100 about $400. I'm open to anything that is completely simple and cheap. I have brought up the idea of thermal printers like they use in Best Buy, etc... nobody likes em. We are a furniture store and the appearance of this just doesn't fit considering the average ticket is about $1500 and some substantially more. The owner likes something a little more elegant.

So, now you know a little more about the environment what do you think?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tony Gravagno
Sent: Saturday, June 05, 2004 5:08 PM
To: [EMAIL PROTECTED]
Subject: RE: [U2] [OT]Postscript to a Laser on Dumb Term Aux Port

Personally I'd recommend that you reconsider the architecture that you're trying to build, rather than reconsidering the specific devices that you're trying to fit into that architecture. I'm reading square pegs and round holes here.

Dumb terminals were designed when we didn't have anything better. Do you really want to hang many laserjets around on dumb terminals that cost less than the printers themselves? Do each of your end-users really require exclusive access to a laserjet? And do you really need to manually generate a lot of PCL?

I understand the needs of smaller sites and that it's not easy to drag new cables around for a new printer, etc. These days a wireless setup will cost as much as the $100 manual that someone proposed. And it's much easier to generate XML or HTML and export it as PDF, or use some other more text-based methods that result in high quality printed output.

I'm just suggesting that you think outside of the box for a moment and consider something different than what the site already has, rather than just replacing old methods with new hardware.

Good luck,
Tony

From Anthony Dzikiewicz

I think you're right. I assumed that this is postscript printer. We have always used this with windows and could print postscript, but it is being converted. I guess I should start over with a real postscript
RE: [U2] [UV] CONVERT.SQL (UV files SQL tables)
When you convert a hashed file into an SQL table, as well as creating entries in UV_TABLES, UV_COLUMNS, UV_ASSOC system tables and the file's security and integrity constraints area (SICA), you also create an implicit grant of all privileges to public. Once you apply any explicit grant, the implicit one is removed.

So, no, you're not doing anything wrong and, yes, you will need to grant whatever table privileges other, non-SQL users, require. The nice thing is, you can now grant SELECT and UPDATE privilege to specific columns on a per-user basis, so you have much finer granularity in your security model.

There is one possible loophole. The OPENCHK tunable parameter allows BASIC programs to bypass SQL integrity checking; it may (I've never tried it) also allow BASIC programs to bypass SQL security checking.
RE: [U2] [OT]Postscript to a Laser on Dumb Term Aux Port
Hello Anthony,

At 11:31 AM 6/06/2004, Anthony Dzikiewicz wrote:

> Much has been considered. These are retail cashiering stations that we are talking about. One central printer would be my next choice. The only thing that can go wrong is that the printer hangs and the whole front counter is dead.

Don't share a printer between more than 2 lanes - the time it takes for the cashier to walk over to get the printout becomes too much. They also can easily mix up receipts at busy times.

> When the printer runs out of paper, or toner or the drum, or what have you, they would panic, because the light would be blinking and they wouldn't know what to do (these guys really aren't too bright and would always rather have the other guy fix the problem).

Write a 2-3 page instruction sheet on printer errors.

> It will lead to a situation where the printer gets disabled at the unix level and has to be enabled (easy for you and me, but a mountain for these guys). Mind you all this is happening in a retail environment with customers waiting for receipts (ever been in a supermarket when the receipt printer jams - what if that was one printer for the whole market).

Modern receipt printers are getting better at this; most thermals have a fairly straight paper path for the receipt roll. Best tactic if possible is to have a spare lane to move the customers across to.

> This isn't good. The spooler is the obstacle that I'm trying to avoid. I started to think of the cheapest, easiest, uncomplicated way to go about doing this. This is to continue doing the same thing that has worked flawlessly for about 15 years.

People often get quite sentimental about old computer systems; the faults become so ingrained the users can no longer see them, the users get molded to fit the system. When talking about how good a system is, always ask the new employees; they have a better perspective on the relative merits.

> The reason for going to laser is to eliminate preprinted forms, which saves substantial cash. I originally believed that the $99 laser I had did postscript. If it did, I would be golden. It doesn't. It does do PCL4. So, my next avenue to explore is to convert the postscript to PCL4 or convert the PDF being created directly to PCL4.

Postscript requires more memory than pcl, it used to be I think that they also paid a royalty to adobe. But those things are fading as memory is now very cheap and I think they use 3rd party emulations (ie like ghostscript) to rasterize the document. I did a quick search on http://froogle.google.com/ there was a Brother Laser printer 1450N with postscript for a little over $200. Network printers are also faster than slave printing with serial and perhaps parallel or usb. With network printers you can also quickly redirect the receipts to another lane if one printer stuffs up.

> Currently, the preprinted forms/Epson arrangement is doing straight ascii printing. We have started using the Cross PDF package and we are converting everything to PDF. We are eliminating pre printed forms wherever they exist. If all of this ends up not working, then I will go with the spooled printer solution. Then I have to create a bunch of menu options to allow users to view the status of the spooler and printer - is lpd running, is the printer disabled, is there a lock file that needs to be cleaned up. I don't look forward to this. The dumb terminal cost about $350 w/kybd new. The laser I'm considering is $99. The cheapest laser that does postscript (that I know of yet) is the hp 2100 about $400.

We use the hp1200N, not as cheap but fairly fast and reliable, both of which imho are more important than the purchase price.

> I'm open to anything that is completely simple and cheap. I have brought up the idea of thermal printers like they use in Best Buy, etc... nobody likes em. We are a furniture store and the appearance of this just doesn't fit considering the average ticket is about $1500 and some substantially more. The owner likes something a little more elegant. So, now you know a little more about the environment what do you think?

$1500 tickets being printed on a $100 laser? So if you print 50 tickets a day = $75000, so if your printer dies for a day cause you went for too cheap without a maintenance agreement or backup printer that has cost the company $75k in sales. I imagine cause each ticket is so large you are not printing a huge number; the printer warmup time will be important; if you choose the wrong printer then each customer could be waiting an additional 10 seconds for the receipt.

If your main computer goes down your dumb terminals are history and you might have to close the store till it is fixed. If you replace with PC's which are cheaper than your dumb terminals you can run a local pc point of sale software in the event of your main machine failure.

Secondly printer running costs usually outflank the purchase price - try to work out the current running costs