I just finished watching your latest 5.3 webinar.
The new PC listener sounds like and wonderful replacement for the Java applet.
The Java applet takes a long time to load when it is first used after PC REBOOT.
The Java applet can have other strange issues and problems and at it is no fun to trouble shoot when you have over 150 users.
I have two questions.
Can it be used under IBMi 7.1 OS?
Are there any security issues when using the listener?
Thank you.
STRPCCMD - PC command listener - 7.1 - Security
-
- Profound User
- Posts: 52
- Joined: Mon Sep 19, 2011 3:00 pm
- First Name: Bruce
- Last Name: Anthony
- Company Name: The State Bar of California
- Contact:
-
- Experienced User
- Posts: 2711
- Joined: Wed Aug 01, 2012 8:58 am
- First Name: Scott
- Last Name: Klement
- Company Name: Profound Logic
- City: Milwaukee
- State / Province: Wisconsin
Re: STRPCCMD - PC command listener - 7.1 - Security
The PC Command listener will work with IBM i 6.1 and higher.Can it be used under IBMi 7.1 OS?
In 6.1 and 7.1, the STRPCCMD command limits you to 123 characters or less. In 7.2 this limit was increased. This is an IBM limit, however, not a Profound one. (Our PC Command listener and Java applet both work with either length, and our runPCCommand() API does not have this limit.)
The PC Command listener runs on the same PC as the web browser. When a command is sent, it is sent from the browser to the listener, and this is done using the PC's "loopback" or "localhost" interface, so it never goes over the network. For this reason, it is very secure and not exploitable from any other location except the PC it was run on.Are there any security issues when using the listener?
However, there is one flaw: The browser will refuse to connect to the PC Command listener if the web page is SSL but the listener is not SSL. When data is sent to the browser with SSL, it will refuse to send it to the PC Command listener over a non-SSL channel. This is NOT a security problem since its never sent over the network, so there's no chance of it being viewed, but the browser THINKS it's a security problem because it's switching from encrypted to non-encrypted, and will refuse to do it.
So if you're connecting to your IBM i with SSL, the PC Command Listener will not work. You will have to use the Java client instead.
If you are connecting to the IBM i without SSL, the PC Command listener will work nicely and there are no security concerns with PC Commands.
-
- New User
- Posts: 18
- Joined: Thu Mar 17, 2011 7:38 am
- First Name: Joao
- Last Name: Mendes
- Company Name: Banco Credibom, SA
- Country: Portugal
- Contact:
Re: STRPCCMD - PC command listener - 7.1 - Security
Hi Scott,
Is there any developments beening done, to address the SSL issue?
Right now I cannot use the latest versions os Chrome because it doesn't support JAVA Applets, and cannot use PC command Listener in IE because of the SSL.
Even more, with SSL and all the security the company as implemented in the browser java applet is very slow, specially when it starts. So it would be nice to have PC command listner for SSL as well.
Is there any developments beening done, to address the SSL issue?
Right now I cannot use the latest versions os Chrome because it doesn't support JAVA Applets, and cannot use PC command Listener in IE because of the SSL.
Even more, with SSL and all the security the company as implemented in the browser java applet is very slow, specially when it starts. So it would be nice to have PC command listner for SSL as well.
Thanks,
João Mendes
João Mendes
-
- Experienced User
- Posts: 2711
- Joined: Wed Aug 01, 2012 8:58 am
- First Name: Scott
- Last Name: Klement
- Company Name: Profound Logic
- City: Milwaukee
- State / Province: Wisconsin
Re: STRPCCMD - PC command listener - 7.1 - Security
Joao,
Please contact support@profoundlogic.com and put in a feature request. Although we know about this limitation, we have not had any customers request an improvement. Until we have a feature request, we probably won't do anything about it.
-SK
Please contact support@profoundlogic.com and put in a feature request. Although we know about this limitation, we have not had any customers request an improvement. Until we have a feature request, we probably won't do anything about it.
-SK
Who is online
Users browsing this forum: No registered users and 0 guests