Channel Access Security

Subject: Channel Access Security
From: 'Mark S. Engbretson (BESSRC-CAT)'
Date: Tue, 6 Aug 1996 13:45:06 -0500


I have, what I hope turns out to be an idiot question concerning Channel =
Access Security.

Currently I have Access Security Configuration Files restricting write =
access to certain people and machine locations. It has so far worked =
rather well.=20

The Channel Access Reference manual, though, has 2 functions in it =
'Ca_Modify_User_Name' and 'Ca_Modify_Host_Name' that are beginning to =
bother me a bit.

You see, if I compile any CA application, and use those calls to set the =
user name and machine to known 'legal' people/computers, i.e. those that =
should allow write access to particular PV's, then running this =
application on ANY machine (current on a Intel PC platform), I am able =
to write to PV's that are normally not accessable to that computer.

I suspect that because of the existance of these calls, this behavior is =
expected . . . however, it does imply that anyone with a compiler, the =
CA libs, and a wild guess (or a peek) at someone ACL lists  basically =
can twiddle with my IOC's without my knowledge.=20

What am I missing?

Me

Prev by Date: http://www.plcdirect.com/
Next by Date: VME crates in white beam enclosures
Index(es):
- Date