- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: Userid/Password verification within a BASIC ap...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-01-2005 01:41 AM
тАО02-01-2005 01:41 AM
Is there a system service I can call from a BASIC application to verify the userid/password combination? If so, does someone have an example in BASIC of how to do so. I'm not a very good at understanding the system service documentation and work best from examples.
Many thanks for any assistance you can provide,
Dan Herron
Kittles Furniture
Indpls, IN
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-01-2005 01:56 AM
тАО02-01-2005 01:56 AM
Re: Userid/Password verification within a BASIC application
Example code for calling these system services can be found
http://www.eight-cubed.com/examples/framework.php?file=sys_getuai.c
http://www.eight-cubed.com/examples/framework.php?file=sys_audit_event.c
http://wwwvms.mppmu.mpg.de/vmssig/src/FOR/UAI_EXAMPLE.FOR
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-01-2005 02:18 AM
тАО02-01-2005 02:18 AM
Re: Userid/Password verification within a BASIC application
You might also have a look at the SYS$ACM system service
http://h71000.www7.hp.com/doc/732FINAL/4527/4527pro.html#acm_001
http://h71000.www7.hp.com/doc/731FINAL/5841/5841pro_contents_010.html#toc_chapter_33
Greetz,
Kris (aka Qkcl)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-01-2005 03:25 AM
тАО02-01-2005 03:25 AM
Re: Userid/Password verification within a BASIC application
You might also want to take a look at the "Guide to System Security".
In particular, you want to consider carefully what this implies. You need to be careful to ensure that this does not lead to a security hole. The most simple minded approach does create a security hazard by processing the Management account/password pair.
There are several possibilities. Which one is the right one depends upon the exact details of your application (one that I have used on several occasions is DECnet logical links).
If the above is unclear, or I can be of further assistance, please let me know.
- Bob Gezelter, http://www.rlgsc.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-01-2005 05:37 AM
тАО02-01-2005 05:37 AM
Re: Userid/Password verification within a BASIC application
In this thread (which has a similar problem as you), I posted a litle MACRO program which gets
the password of the current user and verify it.
You can use it as an example.
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=743707
Bojan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-01-2005 07:08 AM
тАО02-01-2005 07:08 AM
Solution0"username password"::PASSCHECK.TMP
if successful the password is correct.
See also my example using PIPE at
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=743707
Since it's in DCL, you would have to SPAWN it from BASIC.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-01-2005 09:11 AM
тАО02-01-2005 09:11 AM
Re: Userid/Password verification within a BASIC application
>>> open 0"username password"::PASSCHECK.TMP
>>> if successful the password is correct.
>>> See also my example using PIPE at
:
>>> Since it's in DCL, you would have to
SPAWN it from BASIC.
Just ot be perfectly clear, you can just use a BASIC OPEN statetement and use the STANDARD error handling to determine whether it worked (now close it!), or failed.
And you can use NL: as the 'file' (or login.com).
Hein.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-01-2005 09:36 PM
тАО02-01-2005 09:36 PM
Re: Userid/Password verification within a BASIC application
A further note on the integrity of the "Managers Password" and the override process.
Care needs to be exercised. Particularly since this is supposed to be an auditable interface. I am working with no context, but if this is going to be audited at some point, the following comments apply:
- the application program should not get the manager's password.
- the application should pass control to a separate, limited program which does the actual override.
- I don't have an indication of scale, but consideration should be given to a "Dongle", challenge/response, or similar system. The simple "Manager's Password" approach is vulnerable to various attacks, including: playback, spoofing, and unauthorized code modifications.
As I mentioned on opening, the overide/authorize function can be done correctly, in a way which will stand up to audit scrutiny, but care must be exercised.
In these days of Sarbenes-Oxley, for example, auditing standards for production applications have increased substantially, with more concern being paid to separation of program development staff from production accounting data. Overrides are of particular concern to auditors.
I hope that the above is helpful. If I have been unclear, please let me know.
- Bob Gezelter, http://www.rlgsc.com