[Date Prev][Date Next][Date Index]
Channel Access Security
- Subject: Channel Access Security
- From: 'Mark S. Engbretson (BESSRC-CAT)'
- Date: Tue, 6 Aug 1996 13:45:06 -0500
I have, what I hope turns out to be an idiot question concerning Channel =
Access Security.
Currently I have Access Security Configuration Files restricting write =
access to certain people and machine locations. It has so far worked =
rather well.=20
The Channel Access Reference manual, though, has 2 functions in it =
'Ca_Modify_User_Name' and 'Ca_Modify_Host_Name' that are beginning to =
bother me a bit.
You see, if I compile any CA application, and use those calls to set the =
user name and machine to known 'legal' people/computers, i.e. those that =
should allow write access to particular PV's, then running this =
application on ANY machine (current on a Intel PC platform), I am able =
to write to PV's that are normally not accessable to that computer.
I suspect that because of the existance of these calls, this behavior is =
expected . . . however, it does imply that anyone with a compiler, the =
CA libs, and a wild guess (or a peek) at someone ACL lists basically =
can twiddle with my IOC's without my knowledge.=20
What am I missing?
Me