[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference ilbbak::ibi_focus

Title:	FOCUS, from INFORMATION BUILDERS

Moderator:	ZAYIUS::BROUILLETTE

Created:	Thu Feb 19 1987
Last Modified:	Mon May 05 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	615
Total number of notes:	1779

504.0. "Question to the VMS (DCL) command" by UNTADI::DIETRICH (and now for s.th. completely different) Mon Mar 30 1992 09:27

Hello,


I have a advanced beginner question about the possibility to come to the DCL 
level via FOCUS.

We have a application (NICE), which uses FOCUS as a "layered product".
The problem at the moment is, that users of our application can reach the DCL
level via FOCUS, which should not be possible, because of security reasons.

My questions are:

1) Can somebody tell me, what FOCUS commands allow the user to execute DCL 
   commands? (I know at the moment that FOCUS VMS allows that).

2) Is there a possibility to remove the possiblity to reach DCL via FOCUS?
   Maybe by putting a statement in a FOCUS startup procedure or by removing
   the FOCUS VMS command? (How to do that?).



Thank you in advance for answering my questions.

Regards,  
        Michael.

T.R	Title	User	Personal Name	Date	Lines
504.1	DCLess	AWASH::JBAMFORTH		`Mon Mar 30 1992 14:26`	31
	All commands beginning with VMS or -VMS (effectively) SPAWN a subprocess. You can eliminate VMS level access by setting the user's account SUBPROCESS quota = 0 If you don't want to do it that way, you can use a LET command to override the definition of VMS. For example, create a profile.fex for all users who should not have VMS access. FOC$DIR1:[yourdir]PROFILE.FEX -* beginning of profile.fex LET VMS = -* end of profile I can't think of an easy way to eliminate the -VMS capability from within a .FEX(aside from the subprocess quota thing above). Good luck. PROFILE.FEX LET VMS="
504.2	DCLess	UNTADC::DIETRICH	and now for s.th. completely different	`Wed Apr 01 1992 02:04`	5
	Thank you for your fast response! Regards, Michael.
504.3	LET VMS =	UNTADH::DIETRICH	and now for s.th. completely different	`Wed Apr 01 1992 09:07`	31
	> If you don't want to do it that way, you can use a LET command to override > the definition of VMS. > For example, create a profile.fex for all users who should not have > VMS access. > FOC$DIR1:[yourdir]PROFILE.FEX > -* beginning of profile.fex > LET VMS = > -* end of profile The problem with the LET command seems to be that every user can redefine the VMS access by defining LET VMS = VMS Therefore the redefining with the LET command does not solve our problems to prohibit the user to access VMS via FOCUS. The setting of the user's account SUBPROCESS quota to 0 is not possible in our case. Are there other possibilities to prohibit VMS access via FOCUS? Questions over questions from, Michael.
504.4	Disable LET command	SHIPS::CARSE_D		`Thu Apr 02 1992 05:05`	21
	Michael, If it's possible to do so in your application profile, why not disable 'LET' processing after disabling VMS access ? For example: > LET VMS = ; > LET LET = ; This will disable direct VMS access but users will not be able to use the LET command. I don't know of any way of disabling "-VMS" commands within FEX's apart from the subprocess method. Regards, David
504.5	Use SYS$INPUT...	AWASH::GVOSS		`Mon Apr 06 1992 15:42`	27
	Here's a Focexec to turn off VMS inside FOCUS. I hope this helps. Greg ---------------------------------------------------------------------- SET MSG = OFF -SET &QUIT = 'OFF'; FILEDEF TESTIN DISK SYS$INPUT -RUN -NEXT_INPUT -TYPE FOC> -READ TESTIN &INPUT.A80. -SET &INPUT=UPCASE(80,&INPUT,'A80'); -IF EDIT(&INPUT,'9999 ') IS '-VMS ' THEN GOTO NO_VMS; -IF EDIT(&INPUT,'999 ') IS 'VMS ' THEN GOTO NO_VMS; &INPUT -RUN -GOTO NEXT_INPUT -NO_VMS -TYPE UNKNOWN FOCUS COMMAND &INPUT -TYPE BYPASSING TO END OF COMMAND -GOTO NEXT_INPUT