Since we are asking,
 change the client api so that sql queries can be run from it so that
we can
develop a reasonable perl interface
OR,
Arrange for the existing perl DBD::ODBC  interface to be able to hook
directly
into ADSM.

Steve Harris

The Wesley Hospital, Brisbane Australia








"Alan R. White" <arw AT TIPPER.DEMON.CO DOT UK> on 27/01/2000 08:40:41

Please respond to "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>








 To:      ADSM-L AT VM.MARIST DOT EDU

 cc:      (bcc: Steve Harris/Wesley)



 Subject: Re: Regular output of figures from ADSM



Fax to:




Depends on what we mean by security here folks, or the degree with
which you
wish to apply it.

You'll need to stop all other user logons to the box as while this
command
is running a quick 'ps -ef' will on most unix platforms reveal the full
command line after variable substitutions, ie you will see the password
in
clear text. Any logged on user can run this - I heard there was also a
rpc
based means of running remote ps commands to (over and above the
regular rsh
stuff).

In short, come on development - address some of the real issues with
adsm/tsm which give everyone a headache with mind-numbing discussions
with
out internal security experts who want to stop all of what they see as
'loopholes'.

Release a documented admin API, perl library or whatever which deals
with
this or a means of devolving trust for authentication to the operating
system, i.e. a bit like passwordaccess generate. Integrate some of the
server stuff with real external schedulers or embed a real scripting
language and fix the internal scheduler to understand dependancies.

Regards
Alan on a soapbox again.