UniData has a VOC_READONLY environment variable which can be set that allows it to run successfully in a directory where the VOC has no write permission. Perhaps UniVerse has the same or similar.
I can't conceive of a way to make this safe without setting suitable OS level permissions. I can see how it could be made safe enough that you couldn't get round it with normal verbs and editors, but I can't see how it could be fixed so that a programmer couldn't get around it, or even a savvy user setting up VOC pointers from another account. Cheers, Ken -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hona, David S Sent: Monday, 20 October 2008 12:08 PM To: [email protected] Subject: RE: [U2] Universe Triggers Yes, unless Susan is using some "undocumented" feature to block the update/deletion of VOC entries with remote pointers that also have security subroutines associated...then what she is saying isn't correct. I've never heard of such a thing in UV, but that doesn't mean it isn't hiding somewhere. Since she said "look it up", it implies this so-called lock down of the VOC is documented...which I cannot find anywhere. She is offers no "proof" or IBM documentation to support her claim, then we can only suspect what she states is incorrect. UniVerse has poor security capabilities and I can't see this changing any time soon! :) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of phil walker Sent: Monday, 20 October 2008 11:07 AM To: [email protected] Subject: RE: [U2] Universe Triggers I bet you I can write to the VOC unless I do not have write permissions to the file. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Joslyn Sent: Friday, 17 October 2008 1:45 a.m. To: [email protected] Subject: RE: [U2] Universe Triggers That's really REALLY (I swear!) not true. Even if you can do stuff to the VOC, if you put the verbs into the remote VOC and lock that up, you can ABSOLUTELY prevent unauthorized TCL command usage. You can't copy a VOC command and make it work to bypass the wrapped one in the remote voc. Honestly, you really can't. I can explain in more detail how I did it for PRC if you like - but there are plenty of ways to do it - just read up on the remote VOC. Susan Date: Wed, 15 Oct 2008 13:40:20 +0100 From: Anthony Youngman <[EMAIL PROTECTED]> Subject: RE: [U2] Universe Triggers But IF you can update VOC, you CAN bypass remote voc, which is what David said! As part of your security you need to make sure that users CAN'T update VOC (which is rather harder than it seems at first glance). Cheers, Wol - -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Susan Joslyn Sent: 15 October 2008 12:36 To: [email protected] Subject: RE: [U2] Universe Triggers David, With the use of remote voc you really can prevent by-pass of "wrapped" TCL commands. Completely, unequivocably. Regards, Susan Joslyn SJ+ Systems Associates, Inc. PRC(r) Real software configuration management for U2! - ------- u2-users mailing list [email protected] To unsubscribe please visit http://listserver.u2ug.org/ ------- u2-users mailing list [email protected] To unsubscribe please visit http://listserver.u2ug.org/
