Processing Ideas Needed: - VMS


  1. Processing Ideas Needed:

    I have a complex dcl command file that must be submitted under a particular
    user id's priv's and process quotas...no exceptions.

    On a web page, a selection can be added to a page to submit this command
    file on demand from only (1) particular user id accessing the web page.
    However, this user must be able to select this option that will internally
    submit this command with /user=****** (the user that has all the priv's
    and proc quotas where the job must run).
    The problem is, I don't want to give the user CMKRNL to be able to
    select the option which will submit the command with another /user= ******
    unless that will not create any security issues.

    If I do not go the route of the CMKRNL priv's, what ideas might you have
    in mind that once the user selects the option it will notify the
    privileged user to run the command file manually. I'd like to automate
    this and make it the simplest way possible.

    Any ideas?

    Thanks in Advance.


  2. Re: Processing Ideas Needed:

    On Aug 23, 2:01 pm, Chuck Aaron wrote:
    > I have a complex dcl command file that must be submitted under a particular
    > user id's priv's and process quotas...no exceptions.
    >
    > On a web page, a selection can be added to a page to submit this command
    > file on demand from only (1) particular user id accessing the web page.
    > However,
    > this user must be able to select this option that will internally submit this
    > command
    > with /user=****** (the user that has all the priv's and proc quotas
    > where the job must run).
    > The problem is, I don't want to give the user CMKRNL to be able to
    > select the option
    > which will submit the command with another /user= ****** unless that
    > will not create any
    > security issues.
    >
    > If I do not go the route of the CMKRNL priv's, what ideas might you have
    > in mind that
    > once the user selects the option it will notify the privileged user to
    > run the command file
    > manually. I'd like to automate this and make it the simplest way possible.
    >
    > Any ideas?
    >
    > Thanks in Advance.


    why don't you just write the request to a file that
    the privileged job looks for and grabs the
    request from the file and processes it ...

    if this were dibol cgi routines, you could even
    have the two programs pass messages to
    each other to run the request and notify the
    requesting job of its completion ...

    if you are limited to dcl cgi, then you can pass
    the requests back and forth in a file ...


  3. Re: Processing Ideas Needed:

    Chuck Aaron wrote:
    > I have a complex dcl command file that must be submitted under a particular
    > user id's priv's and process quotas...no exceptions.
    >
    > On a web page, a selection can be added to a page to submit this command
    > file on demand from only (1) particular user id accessing the web page.
    > However,
    > this user must be able to select this option that will internally submit this
    > command
    > with /user=****** (the user that has all the priv's and proc quotas
    > where the job must run).
    > The problem is, I don't want to give the user CMKRNL to be able to
    > select the option
    > which will submit the command with another /user= ****** unless that
    > will not create any
    > security issues.
    >
    > If I do not go the route of the CMKRNL priv's, what ideas might you have
    > in mind that
    > once the user selects the option it will notify the privileged user to
    > run the command file
    > manually. I'd like to automate this and make it the simplest way possible.
    >
    > Any ideas?


    Install an image with privileges (CMKRNL) that does nothing else than to
    "submit the command with another /user= ****** ".

    You could also let one process (of the privileged user) create a mailbox
    and wait for a message that the other (unprivileged) user is allowed to
    write into the mailbox. The privileged user's process would then be able
    to submit the command or execute it by itself.

    Albrecht

  4. Re: Processing Ideas Needed:

    on 23-8-2007 20:01 Chuck Aaron wrote...
    > I have a complex dcl command file that must be submitted under a particular
    > user id's priv's and process quotas...no exceptions.
    >
    > On a web page, a selection can be added to a page to submit this command
    > file on demand from only (1) particular user id accessing the web page.
    > However,
    > this user must be able to select this option that will internally submit this
    > command
    > with /user=****** (the user that has all the priv's and proc quotas
    > where the job must run).
    > The problem is, I don't want to give the user CMKRNL to be able to
    > select the option
    > which will submit the command with another /user= ****** unless that
    > will not create any
    > security issues.
    >
    > If I do not go the route of the CMKRNL priv's, what ideas might you have
    > in mind that
    > once the user selects the option it will notify the privileged user to
    > run the command file
    > manually. I'd like to automate this and make it the simplest way possible.
    >
    > Any ideas?
    >
    > Thanks in Advance.
    >

    Create a program in a VMS language of your choice.

    This program contains one line of code: a call to LIB$DO_COMMAND with
    the $SUBMIT /USER command you need.

    compile and link this image, and INSTALL it with CMKRNL privilege and
    any other privs needed to access the DCL command file.

    Your website causes a RUN of this image in an otherwise unpriv'd account.

    /Wilm

  5. Re: Processing Ideas Needed:

    On Aug 23, 2:01 pm, Chuck Aaron wrote:
    > I have a complex dcl command file that must be submitted under a particular
    > user id's priv's and process quotas...no exceptions.
    >
    > On a web page, a selection can be added to a page to submit this command
    > file on demand from only (1) particular user id accessing the web page.
    > However,
    > this user must be able to select this option that will internally submit this
    > command
    > with /user=****** (the user that has all the priv's and proc quotas
    > where the job must run).
    > The problem is, I don't want to give the user CMKRNL to be able to
    > select the option
    > which will submit the command with another /user= ****** unless that
    > will not create any
    > security issues.
    >
    > If I do not go the route of the CMKRNL priv's, what ideas might you have
    > in mind that
    > once the user selects the option it will notify the privileged user to
    > run the command file
    > manually. I'd like to automate this and make it the simplest way possible.
    >
    > Any ideas?
    >
    > Thanks in Advance.



    Chuck,

    Having done this in the past, I have done it one of two ways:

    - One client wanted to be able to do this from a captive command
    procedure, I wrote an executable which was installed with the
    privileges needed to do SUBMIT/USER

    - The other client wanted something that could be called from within a
    program from less controlled accounts. The solution was the same
    technique, in a different flavor. Shareable image installed with the
    needed privilege.

    In both cases, the capability was guarded in two ways:

    - ACL on the batch file, AND
    - possession of a separate rights identifier guarding the ability to
    submit under the specified Username (e.g., SUBMIT_SYSTEM)

    Obviously, one can elaborate this approach in other ways to ensure
    that the user is not able to do what he/she should not do. The key to
    this is to use rights identifiers to extend the concept of privilege
    bits.

    - Bob Gezelter, http://www.rlgsc.com
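
The two guards described in the post above (an ACL on the files involved plus a rights identifier held by one user), sketched in DCL as an added example that is not code from the thread. SUBMIT_AS.EXE, NIGHTLY.COM, their directories and the username JANEDOE are assumptions; SUBMIT_SYSTEM is the identifier name the post suggests.

```dcl
$ ! Added example: file names, directories and the username are placeholders.
$ !
$ ! 1. Create the rights identifier and grant it to the one permitted user.
$ SET DEFAULT SYS$SYSTEM
$ RUN SYS$SYSTEM:AUTHORIZE
ADD/IDENTIFIER SUBMIT_SYSTEM
GRANT/IDENTIFIER SUBMIT_SYSTEM JANEDOE
EXIT
$ !
$ ! 2. Let only holders of SUBMIT_SYSTEM execute the image. ACEs are
$ !    matched in order, so the catch-all deny entry goes last.
$ SET SECURITY/CLASS=FILE -
      /PROTECTION=(SYSTEM:RWED,OWNER:RWED,GROUP,WORLD) -
      /ACL=((IDENTIFIER=SUBMIT_SYSTEM,ACCESS=EXECUTE),(IDENTIFIER=*,ACCESS=NONE)) -
      SYS$COMMON:[SYSEXE]SUBMIT_AS.EXE
$ !
$ ! 3. The command file runs with the target account's privileges, so no
$ !    unprivileged user may write to it (or to the directory that holds it).
$ SET SECURITY/CLASS=FILE -
      /PROTECTION=(SYSTEM:RWED,OWNER:RWED,GROUP,WORLD) -
      /ACL=((IDENTIFIER=SUBMIT_SYSTEM,ACCESS=READ),(IDENTIFIER=*,ACCESS=NONE)) -
      DISK$APPS:[JOBS]NIGHTLY.COM
$ !
$ ! 4. Install the image with only the privilege it needs. A privileged
$ !    image must be linked /NOTRACEBACK. Privileges from INSTALL last only
$ !    while the image is running, so the image has to queue the job itself
$ !    before it exits.
$ INSTALL ADD SYS$COMMON:[SYSEXE]SUBMIT_AS.EXE /PRIVILEGED=(CMKRNL)
$ !
$ ! 5. Check the result. INSTALL entries do not survive a reboot, so step 4
$ !    also belongs in the site startup procedure.
$ INSTALL LIST/FULL SYS$COMMON:[SYSEXE]SUBMIT_AS.EXE
$ SHOW SECURITY/CLASS=FILE SYS$COMMON:[SYSEXE]SUBMIT_AS.EXE
$ SHOW SECURITY/CLASS=FILE DISK$APPS:[JOBS]NIGHTLY.COM
```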


  6. Re: Processing Ideas Needed:

    Chuck Aaron wrote:
    > I have a complex dcl command file that must be submitted under a particular
    > user id's priv's and process quotas...no exceptions.
    >
    > On a web page, a selection can be added to a page to submit this command
    > file on demand from only (1) particular user id accessing the web page.
    > However,
    > this user must be able to select this option that will internally submit this
    > command
    > with /user=****** (the user that has all the priv's and proc quotas
    > where the job must run).
    > The problem is, I don't want to give the user CMKRNL to be able to
    > select the option
    > which will submit the command with another /user= ****** unless that
    > will not create any
    > security issues.
    >
    > If I do not go the route of the CMKRNL priv's, what ideas might you have
    > in mind that
    > once the user selects the option it will notify the privileged user to
    > run the command file
    > manually. I'd like to automate this and make it the simplest way possible.
    >
    > Any ideas?
    >
    > Thanks in Advance.
    >


    CMKRNL is one of those privileges that's classified as "ALL". If you
    have CMKRNL you can change mode to kernel and do ANYTHING! ANYTHING, of
    course, includes the ability to dink with your privilege mask and give
    yourself any other privileges you might want. It is definitely a
    security risk!

    I would suggest something like a restricted account with the required
    privileges and a LOGIN.COM that runs the required job and logs off again.

    Defenses can be built into the account or LOGIN.COM so that the job can
    only be run during a restricted time period or only on particular days
    of the week, etc.


  7. Re: Processing Ideas Needed:

    Hi Chuck,

    > However,
    > this user must be able to select this option that will internally submit this
    > command
    > with /user=****** (the user that has all the priv's and proc quotas
    > where the job must run).


    Can you please tell me whether or not the username that you wish to run the
    batch job under is the same as the "only (1) particular user id accessing
    the web page." and that you're doing all this in an attempt to get around
    the inherent bull**** architectural deficiencies of that HTTP/webserver
    connectionless/stateless pile of pooh?

    Would you be interested in a VMS server process being able to *without any
    privileges* assume the client's persona (and whatever rights and privileges
    given to that persona by the system manager) whilst performing work on that
    pre-authorized client's behalf. Would you be interested in avoiding Session
    Hijacking and dodgy cookies, session IDs and trying to embed
    connection-state information in web-pages?

    Cheers Richard Maher

    PS. If you go the Installed image route then you may want to ask how you
    restrict Execute access to it to your "only 1" specific user.




  8. Re: Processing Ideas Needed:

    on 24-8-2007 1:24 Richard Maher wrote...
    > Hi Chuck,


    [snip]

    > Cheers Richard Maher
    >
    > PS. If you go the Installed image route then you may want to ask how you
    > restrict Execute access to it to your "only 1" specific user.


    Bob G. has explained this: put an ACL on the executable file, and issue
    the pertaining identifier only to that one user.

    /Wilm

  9. Re: Processing Ideas Needed:

    DECNET is your friend.

    Say the web server runs under WWW_SERVER account, and your user is under
    JDOE.

    If WWW_SERVER has captured the username/password for JDOE, it can
    OPEN/READ/WRITE 0"jdoe password"::0=MYSUBMIT (not sure if the syntax
    for the task is 100% right).

    This will cause a process to be created under the JDOE account and which
    will invoke the MYSUBMIT command procedure in JDOE's account which can
    then submit the job that will run under JDOE's account.

    No need for any special privileges.

    If the web server has not captured username/password, you can create a
    decnet proxy in UAF that will allow the web server account to open a
    task under JDOE without having to specify the password.

  10. Re: Processing Ideas Needed:

    Chuck Aaron wrote:
    > I have a complex dcl command file that must be submitted under a particular
    > user id's priv's and process quotas...no exceptions.
    >
    > On a web page, a selection can be added to a page to submit this command
    > file on demand from only (1) particular user id accessing the web page.
    > However, this user must be able to select this option that will internally
    > submit this command with /user=****** (the user that has all the priv's
    > and proc quotas where the job must run).
    > The problem is, I don't want to give the user CMKRNL to be able to
    > select the option which will submit the command with another /user= ******
    > unless that will not create any security issues.
    >
    > If I do not go the route of the CMKRNL priv's, what ideas might you have
    > in mind that
    > once the user selects the option it will notify the privileged user to
    > run the command file
    > manually. I'd like to automate this and make it the simplest way possible.


    Several options have been given already, typically writing a custom
    image installed with privilege.

    Much depends on what the "username" is that has to do the submit/user
    command and what security controls are in place for that user.

    You can have a privileged task watch for a file to be created and then
    do the submit/user.

    If you have DECNET installed, you can create a DECNET object that can be
    invoked as a user that is limited to doing your privileged task. This
    has the advantage that only DCL is needed.

    I have been using DECNET objects to allow non-privileged build
    procedures to test code that requires privileges without giving the build
    procedures directly to upgrade their privileges.

    -John
    wb8tyw@qsl.net
    Personal Opinion Only
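
The DECnet task approach from the two posts above, sketched in DCL as an added example that is not code from the thread. WWW_SERVER, JDOE and MYSUBMIT are the names used in the thread; the node name MYNODE, the job NIGHTLY.COM, the request token RUN_NIGHTLY and the queue are assumptions, and proxy access is assumed to be enabled for DECnet task objects on the node.

```dcl
$ ! ---- One-time setup (system manager) -------------------------------
$ ! A proxy lets WWW_SERVER open a task as JDOE without the web server
$ ! ever holding JDOE's password. MYNODE is a placeholder node name.
$ SET DEFAULT SYS$SYSTEM
$ RUN SYS$SYSTEM:AUTHORIZE
ADD/PROXY MYNODE::WWW_SERVER JDOE/DEFAULT
EXIT
$ !
$ ! ---- MYSUBMIT.COM, in JDOE's login directory -----------------------
$ ! Runs as JDOE when the task is opened. The request is untrusted input:
$ ! it is compared against one fixed token and never substituted into a
$ ! command line, so the caller cannot choose what gets submitted.
$ SET NOON
$ OPEN/READ/WRITE/ERROR=bye net SYS$NET
$ READ/END_OF_FILE=hangup/ERROR=hangup net request
$ IF request .NES. "RUN_NIGHTLY"
$ THEN
$     WRITE net "REJECTED"
$     GOTO hangup
$ ENDIF
$ SUBMIT/QUEUE=SYS$BATCH/NOPRINTER -
        /LOG_FILE=SYS$LOGIN:NIGHTLY.LOG SYS$LOGIN:NIGHTLY.COM
$ status = $STATUS
$ IF status
$ THEN
$     WRITE net "QUEUED entry ''$ENTRY'"
$ ELSE
$     WRITE net "FAILED ''F$MESSAGE(status)'"
$ ENDIF
$hangup:
$ CLOSE net
$bye:
$ EXIT
$ !
$ ! ---- Caller side, in the web server's DCL CGI procedure ------------
$ reply = "NO REPLY"
$ OPEN/READ/WRITE/ERROR=no_link link 0::"TASK=MYSUBMIT"
$ WRITE link "RUN_NIGHTLY"
$ READ/END_OF_FILE=done/ERROR=done link reply
$done:
$ CLOSE link
$no_link:
$ WRITE SYS$OUTPUT reply
```

The reply line carries the batch entry number or the failure text back to the caller over the same link.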


  11. Re: Processing Ideas Needed:

    Hi Wilm,

    > Bob G. has explained this: put an ACL on the executable file, and issue
    > the pertaining identifier only to that one user.


    You'll have to forgive me as I rarely pay much attention to anything Bob G
    has to say (especially stuff such as "Shareable image installed with the
    needed privilege.") but when it comes to the application of your/Bob's
    solution to Chuck's problem, can I ask you to clarify a couple of things for
    me: -

    1) How does Chuck's Webserver assume the "only (1) particular user id", and
    the associated identifier, whilst handing over to the image activator in
    order to run the Executable installed with privs?
    2) Does it create, and rundown, a new VMS process for each client request?
    3) Does it use some dodgy inner-mode personae that manages to survive image
    rundown?
    4) Does it keep the process lying around in case the (1) user id is needed
    again?
    5) Where does the logfile go?
    6) Has non-interactive logins for (1) user id been clicked over?
    7) How does the success (Job entry number, perhaps pending status, or
    execution queue) or failure get returned to the user?
    8) If (1) user id decides to submit the job again, does he have to enter his
    username/password again or is it held in some dodgy cookie or session
    variable?
    9) What sort of expiration time do you put on that crap?
    10) What window of opportunity for Session Hijacking is good/small enough?

    Yep, welcome to VMS development! What have we had so far? FAL jobs with
    proxy usernames, Cookies, Session IDs, New processes (let alone image
    activation) for each request, and polling for file existence. (I'll throw in
    the inevitable "Use ODBC and an external function to submit the batch
    job and put an ACL on the function") All of this brought to you via HTTP and
    a codepath that would tempt Alexander the Great to reach for his sword!
    Funnily enough, I suspect that all Chuck wanted was a RPC.

    Hey, there's a thought! Where are the SOA guys and the brave new world of
    WSIT? Gentlemen, this is your chance to shine! Get out here and show Chuck
    what you've got. All he wants to do is submit a simple bloody batch job; how
    much XML, WSDL, and Java can that take?

    HP is paying you a fortune to sit on your arses read manuals on Service
    Oriented Architecture, and to port a whole lot of crap to VMS that nobody
    wants; perhaps you might wish to show some fruits for all of the investment?

    Cheers Richard Maher




  12. Re: Processing Ideas Needed:

    on 26-8-2007 9:00 Richard Maher wrote...
    > You'll have to forgive me as I rarely pay much attention to anything Bob G
    > has to say (especially stuff such as "Shareable image installed with the
    > needed privilege.") but when it comes to the application of your/Bob's
    > solution to Chuck's problem, can I ask you to clarify a couple of things for
    > me: -


    I am a forgiving person(a).

    > 1) How does Chuck's Webserver assume the "only (1) particular user id", and
    > the associated identifier, whilst handing over to the image activator in
    > order to run the Executable installed with privs?


    The webserver does not assume anything. It causes a process to be
    created for user JANEDOE, who is not privileged, but happens to be
    associated with a rights identifier RUNANIMAGE, so she's able to run an
    image that SUBMIT/USER's a job.

    > 2) Does it create, and rundown, a new VMS process for each client request?


    I hope so.

    > 3) Does it use some dodgy inner-mode personae that manages to survive image
    > rundown?


    No.

    > 4) Does it keep the process lying around in case the (1) user id is needed
    > again?


    No.

    > 5) Where does the logfile go?


    The webserver's log file is where it always is, and records the run
    request. The /OUTPUT, /ERROR qualifiers of the RUN command determine
    where those log files go. The SUBMIT/USER command causes the log file of
    that job to go to the /USER=xxx login directory.

    > 6) Has non-interactive logins for (1) user id been clicked over?


    Not sure that it's relevant, but "No". The user JANEDOE exists for one
    purpose only, to SUBMIT jobs. Her VMS "account" should, maybe by being
    CAPTIVE or by other standard issue modifiers, restrict her to perform
    only that function.

    > 7) How does the success (Job entry number, perhaps pending status, or
    > execution queue) or failure get returned to the user?


    In this our stateless universe, I cannot think of a way to do this
    synchronously. So, write it into a file, and tell the user to check back
    on the status later. My favourite web shop does it that way, I can live
    with it.

    > 8) If (1) user id decides to submit the job again, does he have to enter his
    > username/password again or is it held in some dodgy cookie or session
    > variable?


    Preferably not.

    > 9) What sort of expiration time do you put on that crap?


    See above, none.

    > 10) What window of opportunity for Session Hijacking is good/small enough?


    Also, N/A

    > Yep, welcome to VMS development! What have we had so far? FAL jobs with
    > proxy usernames, Cookies, Session IDs, New processes (let alone image
    > activation) for each request, and polling for file existence. (I'll throw in
    > the inevitable "Use ODBC and an external function to submit the batch
    > job and put an ACL on the function") All of this brought to you via HTTP and
    > a codepath that would tempt Alexander the Great to reach for his sword!
    > Funnily enough, I suspect that all Chuck wanted was a RPC.


    Yeah, and from my point of view, this is what he gets. Unless he wants
    to submit a million jobs a day, process creation is not an issue. We'll
    walk that bridge when we come to it.

    /Wilm

  13. Re: Processing Ideas Needed:

    An installed priv'd image seems a bit overkill for this.
    Wouldn't the following work?

    Create a batch queue for the purpose, set it /JOB=1 /RETAIN=ALL.
    Slap an ACL on the queue granting SOME_ID MANAGE access. Submit
    the job /HOLD under the required username. Holders of SOME_ID
    can now release the job when it needs to be run, when it
    completes it'll be retained on the queue, rinse & repeat.


  14. Re: Processing Ideas Needed:

    Hi Wilm,

    > I am a forgiving person(a).


    Give me time Wilm, give me time :-)

    > The webserver does not assume anything. It causes a process to be
    > created for user JANEDOE, who is not privileged, but happens to be
    > associated with a rights identifier RUNANIMAGE, so she's able to run an
    > image that SUBMIT/USER's a job.


    I'll give you London to a brick that the webserver calls $persona_assume
    "JANEDOE" before calling $creprc, in order to achieve the end result. If it
    isn't then it should! (Although back in 6.2 days there were "helpdesk
    celebrities" at Digital (becoming EDS at that time in Europe) whose
    arrogance led them to question whether or not this was supported. VMSNOTES
    conference is there for those with access.)

    > > 2) Does it create, and rundown, a new VMS process for each client
    > > request?
    >
    > I hope so.


    The crying shame here Wilm is I bet that you're not alone in this desire for
    self-flagellation :-(

    "Dear VMS Engineering, we the undersigned wish not only to endure the
    overhead of image activation/rundown for each web-client request but also to
    suffer the multitudenal indignities of a process activation." No wonder they
    don't give a Monkey's anymore; it's not just that WSIT is crap it's just
    that the client-base is technically incapable of understanding what "crap"
    is. (To be brutally honest, the VMS world seems to have plateaued with
    Perl/CGI or ODBC and seems unlikely to ever be confronted with
    the issues that have seen the rest of the industry searching for something
    like SOA, in the first place. And as far as AJAX and that predictive text
    stuff goes "Just leaves us banjo-plucking VMSers to ourselves! But you
    sure do have a purdy mouth. . .")

    > > 3) Does it use some dodgy inner-mode personae that manages to survive
    > > image rundown?
    >
    > No.


    For anyone following at home, I looked at the code a while back and recall
    that it's doable. Personae can survive image rundown.

    > > 5) Where does the logfile go?
    >
    > The webserver's log file is where it always is, and records the run
    > request. The /OUTPUT, /ERROR qualifiers of the RUN command determine
    > where those log files go. The SUBMIT/USER command causes the log file of
    > that job to go to the /USER=xxx login directory.


    So the webserver "causes a process to be created for user JANEDOE" (and many
    other simultaneous users presumably) and channels *all* of the output from
    *all* of the processes to the one log file? To spell it out, I'm asking what
    you do with the sys$crappy_disk:bull****_web_process_log.32767 files?

    > > 6) Has non-interactive logins for (1) user id been clicked over?
    >
    > Not sure that it's relevant, but "No". The user JANEDOE exists for one
    > purpose only, to SUBMIT jobs. Her VMS "account" should, maybe by being
    > CAPTIVE or by other standard issue modifiers, restrict her to perform
    > only that function.


    That's strange, but then I think that not updating the last login time for a
    detached job is also strange, so what do I know. Network logins "Yes" this
    "No" that "Maybe".

    > In this our stateless universe,


    NO! "Your" stateless universe Wilm "YOUR"! Thus is the world as YOU have
    made it. (Or at least perceive it.) Take off your bull**** HTTP blinkers for
    a while and smell the coffee! And other mixed metaphors :-)

    > I cannot think of a way to do this
    > synchronously.


    Well, as long as you've explored all avenues; that's the main thing!
    Wilm's stumped everybody so the rest of us might as well go home :-)

    I mean "RPC" what's it all about eh? Context-Rich? Connection-Oriented?
    Surely nothing but heretical clap-trap from an age before the I.T.
    killing-fields? I mean, imagine being able to control server-affinity or
    have your server processes assume the persona of the client they're
    performing work for, at any time without the need for any privileges.
    Imagine only having to supply a shareable image with six User Action
    Routines that produce the business logic for your application. Imagine all
    of this occurring in the context of a pool of worker processes that can be
    tuned for client demand with min/max servers and idle timeouts. I mean what
    the ****'s the point of that eh? But I'm sure I'm distracting you from that
    Perl manual that discusses the difference between "die" and "exit(1)" so
    I'll move on. . .

    > > 8) If (1) user id decides to submit the job again, does he have to enter
    > > his username/password again or is it held in some dodgy cookie or session
    > > variable?
    >
    > Preferably not.


    And the other options are?

    > Yeah, and from my point of view, this is what he gets. Unless he wants
    > to submit a million jobs a day, process creation is not an issue. We'll
    > walk that bridge when we come to it.


    Yes, I'm sure you're right Wilm; it's all about Chuck submitting one batch
    job. There are certainly no architectural truths, credos, or dogmas that
    transcend individual application requirements that are to be found here.
    Move along, nothing more to see. (I'm sure SSH could've done it better
    anyway)

    Cheers Richard Maher




  15. Re: Processing Ideas Needed:

    on 26-8-2007 14:25 Richard Maher wrote...

    [snip]

    >> I am a forgiving person(a).
    >
    > Give me time Wilm, give me time :-)
    >


    Since this is a weekend at least on this end of the timezone chain, I'll
    give you all the time 'til Monday.

    [snip, snip, snip, snap, snip snippety snip]

    >
    >> In this our stateless universe,

    >
    > NO! "Your" stateless universe Wilm "YOUR"! Thus is the world as YOU have
    > made it. (Or at least perceive it.) Take off your bull**** HTTP blinkers for
    > a while and smell the coffee! And other mixed metaphors :-)
    >


    My universe has been stateless since my days as an ACMS programmer. I
    did not have to learn anything new about transactional programming and
    webservices when web services arrived. Some of my younger colleagues
    though were very surprised that records could change after they first
    accessed them in their (SOAP, AJAX, PERL, ...) program. Those who ignore
    the past are forced to re-live it.

    /Wilm

    Now playing: Amy Winehouse - You sent me flying

  16. RE: Processing Ideas Needed:

    > -----Original Message-----
    > From: Wilm Boerhout [mailto:w5OLD.PAINTboerhout@planet.nl]
    > Sent: August 26, 2007 9:07 AM
    > To: Info-VAX@Mvb.Saic.Com
    > Subject: Re: Processing Ideas Needed:
    >
    > on 26-8-2007 14:25 Richard Maher wrote...
    >
    > [snip]
    >
    > >> I am a forgiving person(a).

    > >
    > > Give me time Wilm, give me time :-)
    > >

    >
    > Since this is a weekend at least on this end of the timezone chain,
    > I'll
    > give you all the time 'til Monday.
    >
    > [snip, snip, snip, snap, snip snippety snip]
    >
    > >
    > >> In this our stateless universe,

    > >
    > > NO! "Your" stateless universe Wilm "YOUR"! Thus is the world as YOU have
    > > made it. (Or at least perceive it.) Take off your bull**** HTTP blinkers for
    > > a while and smell the coffee! And other mixed metaphors :-)
    > >

    >
    > My universe has been stateless since my days as an ACMS programmer. I
    > did not have to learn anything new about transactional programming and
    > webservices when web services arrived. Some of my younger colleagues
    > though were very surprised that records could change after they first
    > accessed them in their (SOAP, AJAX, PERL, ...) program. Those who
    > ignore
    > the past are forced to re-live it.
    >
    > /Wilm
    >
    > Now playing: Amy Winehouse - You sent me flying


    Yep, while SOA is the latest buzz word, one only has to re-examine why DCE and common data dictionaries failed in order to really understand that SOA has some major, major challenges ahead.

    And as a hint, the technical issues are minor compared to internal politics and culture.

    Good article to consider:
    http://www.cio.com/article/print/21975
    The Truth About SOA - Christopher Koch, CIO

    Btw, the other major buzz word which is interesting is "shared services" and "utility computing".

    For those still with hair on their head, SOA is a concept that used to be called "timesharing" i.e. thin front ends (terminals) accessing centralized services and supported with SLA's.

    As a fyi, I have a document on my shelf entitled "The Infrastructure Utility Technical Description".

    It is dated May, 1994.

    :-)

    What's new is old and what's old is new.

    Regards


    Kerry Main
    Senior Consultant
    HP Services Canada
    Voice: 613-592-4660
    Fax: 613-591-4477
    kerryDOTmainAThpDOTcom
    (remove the DOT's and AT)

    OpenVMS - the secure, multi-site OS that just works.





  17. RE: Processing Ideas Needed:

    > -----Original Message-----
    > From: Main, Kerry
    > Sent: August 26, 2007 10:16 AM
    > To: Info-VAX@Mvb.Saic.Com
    > Subject: RE: Processing Ideas Needed:
    >


    [snip..]

    > Btw, the other major buzz word which is interesting is "shared
    > services" and "utility computing".
    >
    > For those still with hair on their head, SOA is a concept that used to
    > be called "timesharing" i.e. thin front ends (terminals) accessing
    > centralized services and supported with SLA's.
    >


    Oops, clarification alert - above line should read:

    For those still with hair on their head, shared services and utility computing are
    concepts that used to be called "timesharing" i.e. thin front ends (terminals)
    accessing centralized services and supported with SLA's.

    Regards


    Kerry Main
    Senior Consultant
    HP Services Canada
    Voice: 613-592-4660
    Fax: 613-591-4477
    kerryDOTmainAThpDOTcom
    (remove the DOT's and AT)

    OpenVMS - the secure, multi-site OS that just works.




  18. How's the serenity! (was Re: Processing Ideas Needed:)

    Hi Wilm,

    > My universe has been stateless since my days as an ACMS programmer.


    You mean that other context-rich, connection-oriented architecture? But I
    didn't see anyone suggest this to Chuck. (Still with the death of ACMSxp
    maybe they're all keeping their heads down at HP? Do they ever do anything
    else one might ask.) But please let me draw the distinction between your
    tasks being "stateless" and the ACMS transaction monitor maintaining a fully
    pre-authorized and stateful connection to the client. Please desist from
    attempting to draw an analogy between what ACMS (or Tier3) is doing and that
    document-serving, wham-bam-thank-you-ma'am, pile of **** that is HTTP and all
    web-browsers who sail in her! You do see the difference don't you?

    Anyway, you've developed with ACMS, fantastic! Then *surely* you must agree
    that the bull**** ACMS workspace size restriction has always been a pain in
    the arse? What about result sets? All Employees with names starting with
    "SM"? All transactions for August? Why should you be forced into the same
    artificial "paging" paradigms that are ubiquitous today? What if you had a
    full-duplex conversational pipe as the only parameter to your ACMS task, and
    server affinity could be controlled at message granularity? For example, one
    request might generate a one row response, another might generate a 1000 row
    response, but if server and client were cooperating on a row-by-row basis,
    then the client could be enriching rows for presentation while the server
    was busy retrieving them. Or maybe, the server needs additional information
    from the client and the association between client and server needs to span
    more than one message exchange? Would such a flexible architecture not be
    desirable? Me? I like to send the *complete* result set down to the client
    and then let them page/scroll through it or sort it or whatever they like?

    But what about the privileges that you had to give ACMS servers? What about
    the DCL servers that were used to browse files with TPU that could easily be
    turned into startup-altering assassins? Also, you were told what Username you
    were performing work for, but you weren't given a t3$persona_assume service
    that could be called from an unprivileged account. How can you call Rdb's
    "Set Session Authorization" with only a Username?

    What about ADU, UDU, *CDD*, TDFs, SWLUP, ACMSATR, Debugging the server?
    (I'll skip the CP, and of course the "They tried to make me use the
    DECforms, and I said a No! No! No!")

    What about interrupting a server that's gone AWOL 'cos you gave it some
    dodgy selection criteria? Imagine empowering the end-user with a hot-abort
    button - Sound good? Doesn't XMLHttpRequest have an abort() method? Or does
    that filth just abort the client waiting for the request and leave the
    server to trundle away for hours? (And let the client kick-off another
    resource hungry trawl of the database)

    > I
    > did not have to learn anything new about transactional programming and
    > webservices when web services arrived.


    Excellent! Please show me one example of a Webservice on VMS updating RMS,
    Rdb, Oracle in a two-phase commit with a database on any other platform.
    (Could be doable with weblogic/tuxedo I suppose but I doubt it)

    > Some of my younger colleagues
    > though were very surprised that records could change after they first
    > accessed them in their (SOAP, AJAX, PERL, ...) program.


    The analogy that worked with a couple of programmers at an ACMS-using bank
    in the UK was that of the Hotel, and of leaving a pair of one's shoes in the
    closet after checking out. How you were more likely than not to get a
    different room next time, and even if it was the same room, it was highly
    unlikely that your shoes would still be there. I made it sound a lot more
    patronising than that :-)

    > Those who ignore
    > the past are forced to re-live it.


    So true! Bring it on :-) Certainly a refreshing change from those ignoring
    the present and wallowing in the mud.

    Cheers Richard Maher

    "Wilm Boerhout" wrote in message
    news:46d17bd5$0$25482$ba620dc5@text.nova.planet.nl ...
    > on 26-8-2007 14:25 Richard Maher wrote...
    >
    > [snip]
    >
    > >> I am a forgiving person(a).

    > >
    > > Give me time Wilm, give me time :-)
    > >

    >
    > Since this is a weekend at least on this end of the timezone chain, I'll
    > give you all the time 'til Monday.
    >
    > [snip, snip, snip, snap, snip snippety snip]
    >
    > >
    > >> In this our stateless universe,

    > >
    > > NO! "Your" stateless universe Wilm "YOUR"! Thus is the world as YOU have
    > > made it. (Or at least perceive it.) Take off your bull**** HTTP blinkers for
    > > a while and smell the coffee! And other mixed metaphors :-)
    > >

    >
    > My universe has been stateless since my days as an ACMS programmer. I
    > did not have to learn anything new about transactional programming and
    > webservices when web services arrived. Some of my younger colleagues
    > though were very surprised that records could change after they first
    > accessed them in their (SOAP, AJAX, PERL, ...) program. Those who ignore
    > the past are forced to re-live it.
    >
    > /Wilm
    >
    > Now playing: Amy Winehouse - You sent me flying




  19. This is going straight to the pool room

    Hi Chuck,

    If you're still there, FWIW here is how I'd do it (example code below).

    Please search the attached code for sys$sndjbc. This code is called when the
    web-browser-based client has chosen to delete one of the VMS queue entries
    that was dynamically populated into their HTML DOM