Security Issues of the QMClient API

Security Issues of the QMClient API

Top  Previous  Next

 

In most systems, a normal terminal user is taken directly into the application on logging in and the application itself controls what the user can do. The ON.ABORT paragraph provides a mechanism to ensure that, even if the application fails, the user cannot fall back to a command prompt.

 

With QMClient, the client session is effectively at a command prompt from which it can open, read and write files, execute commands, or call subroutines. It becomes the responsibility of the client software to control what the user can do. A knowledgeable user with a valid user name and password could, however, develop a client session that connects in the same way as the application and then goes on to do almost anything. Setting appropriate access rights on files may help but is unlikely to be a perfect solution to this potential security threat.

 

The QMCLIENT configuration parameter can be used to control the level of access that a QMClient session has. It starts with the value defined in the QM configuration parameters and can be modified to a higher level using the CONFIG command but cannot be taken to a lower level in this way. Because QMClient sessions execute the LOGIN paragraph on connection, the CONFIG command is easily executed from this paragraph.

 

It may also be useful to validate the client network address (See @IP.ADDR) in the LOGIN paragraph.