15
Sat, Mar
2 New Articles
  1. You are here:  
  2. Home
  3. Security
  4. Security - Other
  5. TechTalk: Security and the Unattended Workstation

TechTalk: Security and the Unattended Workstation

Security - Other
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

The AS/400 provides a comprehensive set of integrated security features that control access to system objects. Frequently, however, we overlook a real source of potential problems - the unattended workstation. Wouldn't it be nice if we had an easy way to deal with this problem?

Fortunately, we have at least two options. If you work in a shop with a large budget you can buy a package that will allow you to monitor and time- out unattended workstations. If your budget is tight or you want to do a little experimentation, try the following:

For menus, when you use the Create Display File command (CRTDSPF), enter a value for the WAITRCD parameter. When you prompt the command, you will find the WAITRCD parameter under additional parameters: 

 Additional Parameters Maximum record wait time.....> 45 Seconds, *NOMAX, *IMMED

In the above I have entered 45 seconds. This means the display will remain visible for 45 seconds before control is returned to the CL program sending the menu.

The CL program in 1 will send a menu and sign the user off if nothing is done for 45 consecutive seconds.

The CL program in Figure 1 will send a menu and sign the user off if nothing is done for 45 consecutive seconds.

Explanation:

Line 400 - Sends and receives the menu. The *NO parameter specifies that the program should go to the next line without waiting for a menu option to be entered.

Line 500 - The wait command tells the program to wait for the amount of time specified in the WAITRCD parameter of the display file.

Line 600 - The monitor message command is executed if nothing is keyed during the time limit specified by the display file's WAITRCD parameter. In this example, if nothing is entered within 45 seconds, the SIGNOFF command is executed. You, of course, can code options other than SIGNOFF. RPG/400 also has the time-out capability available to it.

To detect inactive workstations left signed on from your RPG/400 programs, do the following: 

 1. Code the INVITE keyword in the DDS for the display file. 2. Supply a value for the display file's WAITRCD parameter. 3. Specify the INFDS data structure in your RPG program with the *STATUS keyword included. 4. If a workstation time-out occurs, the *STATUS field will contain a value of 1331. Code a test for this value in your program following your installation standards. 5. If a time out is detected you may want to have your program call an installation standard program that signs off the workstation, alerts the system operator, or that takes some other corrective action.

2 shows some sample code (not a complete working program) that illustrates the concept. Indicator 60 will signal EOF or a file error such as record lock or time out. Indicator 60 and a status of 1331 indicate a workstation time out in which case a program is called to deal with the potential security problem.

Figure 2 shows some sample code (not a complete working program) that illustrates the concept. Indicator 60 will signal EOF or a file error such as record lock or time out. Indicator 60 and a status of 1331 indicate a workstation time out in which case a program is called to deal with the potential security problem.

Ed Crawford Houston, Texas

TechTalk: Security and the Unattended Workstation

Figure 1 Sample CL program for automatic sign-off

 Figure 1: Sample CL program for automatic sign-off 100PGM 200DCLF FILE(EDMN) 300 SNDEDMN: 400SNDRCVFWAIT(*NO) 500WAIT 600MONMSG (Code inserted here to process entered menu options) 700ENDPGM 
 
 TechTalk: Security and the Unattended Workstation
 
 Figure 2 Sample RPG and Display File code to detect inactiv
 
 Figure 2: Sample RPG and Display File code to detect inactivity ...10....+...20....+...30....+...40....+...50....+...60....+...70 A INVITE A R SCRN1 TEXT('MY SUBFILE RCD') ...10....+...20....+...30....+...40....+...50....+...60....+...70 FPROMPT CF E WORKSTN F KNUM 01 F KINFDS INFDS IINFDS DS I *STATUS STATUS C WRITESCRN1 C READ PROMPT 6060 C STATUS IFEQ 1331 C SETON LR C MOVEL'SIGNOFF' CMD 7 C Z-ADD7 LEN 155 C CALL 'QCMDEXC' C PARM CMD C PARM LEN C END ...10....+...20....+...30....+...40....+...50....+...60....+...70
BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Support MC Press Online

$

Book Reviews

Resource Center

  •  

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: