Axiant, NT, batching and security

[Oran Shapitka]

We have deployed Axiant on W2K for two clients that we migrated off of the
HP3000 platform.  We converted the process of building !JOB files to
generate .BAT files.  We execute these on the W2K DB Server using a NT
Service that we installed.  The service is WINCRON from Tomasello Software.
www.wincron.com

Wincron has many great features and we have just barely started using it's
capabilities.  It's syntax is very close to cron on Unix.  We have setup a
logfile to record execution of .bat files, and have used file redirection to
capture the results of the .bat file execution.  This allows us to look at
the job results similar to $stdlist on the HP3000 for support purposes.

As far as security goes, we set up the service on the DB Server to logon at
startup as a user having administrator capabilities.  The end user generates
the .bat file and places it in a specified directory that Wincron scans.  As
soon as Wincron sees the file (scanning time variable is configurable),
Wincron loads the .bat file for execution.  The structure also allows for
future date/time execution.  The user logged on to the wincron service was
setup specifically for Wincron use.

We have also setup the .bat files to execute and place the results of the
batch process in a directory owned by the requesting end user.  This
directory have been released for access by the end user, or group of users.
The report file can then be viewed in whatever tool they want.  The end user
can even import the file into Excel or any other windows tool as it is a
.txt file.

Hope this is of some help to you.  Feel free to contact me if you want any
more information in regards to this.

Oran Shapitka, I.S.P.
Intertech Business Systems, Inc.
1564, 10303 Jasper Ave			Email:  oran@intertechsystems.com
Edmonton, AB  T5J 3N6  Canada		Voice:  (780) 413-0400	Fax:	(780) 413-0398

<http://www.intertechsystems.com/>



-----Original Message-----
From: powerh-l-admin@cube.swau.edu
[mailto:powerh-l-admin@cube.swau.edu]On Behalf Of
shulbert@littlejohnfrazer.com
Sent: Tuesday, July 16, 2002 10:33 AM
To: powerh-l@lists.swau.edu
Subject: Axiant, NT, batching and security


is anyone using axiant thin client with nt as front and back ends?

if so, how do you deal with batch processes?

we're using 'run command "AT..."', but this seems to have a rather large
security hole.

to have access to the AT queue, users must belong to the Administrator group
on the server.

which would mean that allowing axiant users to stream batch jobs would give
them admin acces to the server. call me paranoid but this seems a very bad
idea indeed.

any ideas/solutions?

Stephen Hulbert.
Senior Analyst/Programmer.
Software Division. Littlejohn Frazer.




The information contained in this communication is confidential and may
be legally privileged. It is intended solely for the use of the
individual or entity to whom it is addressed and others authorised to
receive it.  If you are not the intended recipient you are hereby
notified that any disclosure, copying, distribution or taking of any
action in reliance on the contents of this information is strictly
prohibited and may be unlawful.

Littlejohn Frazer reserves the right to monitor the content of any
message sent to or from littlejohnfrazer.com and its associate domains,
fmi-litjon.co.uk and litjon.co.uk

A list of partners may be inspected at 1 Park Place, Canary Wharf,
London, E14 4HJ

Registered to carry on audit work by the Institute of Chartered
Accountants in England & Wales, and authorised by the Financial
Services Authority to provide financial services

= = = = = = = = = = = = = = = = = = = = = = = = = = = =
Mailing list: powerh-l@lists.swau.edu
Subscribe: "subscribe" in message body to powerh-l-request@lists.swau.edu
Unsubscribe: "unsubscribe" in message body to
powerh-l-request@lists.swau.edu
http://lists.swau.edu/mailman/listinfo/powerh-l
This list is closed, thus to post to the list you must be a subscriber.