Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.



Read-Only Read-Only Topic
Go
Search
Notify
Tools
[CLOSED] CMRUN Command
 Login/Join
 
Member
posted
The CMRUN is exposing the actual user id and password arguments in a ps -ef listing even if the calling script is using variables that are being read from a protected file. Has anyone been able to properly secure the password from being viewed in a process listing when CMRUN is run on Linux/UNIX systems?

This message has been edited. Last edited by: Tamra,
 
Posts: 3 | Registered: May 26, 2015Report This Post
Expert
posted Hide Post
You can use -SET &ECHO=OFF, and set MSG=OFF and SET EMGSRV=OFF, to lock down the WebFOCUS part.


Waz...

Prod:WebFOCUS 7.6.10/8.1.04Upgrade:WebFOCUS 8.2.07OS:LinuxOutputs:HTML, PDF, Excel, PPT
In Focus since 1984
Pity the lost knowledge of an old programmer!

 
Posts: 6347 | Location: 33°49'23.0"S, 151°11'41.0"E | Registered: October 31, 2006Report This Post
Member
posted Hide Post
Thanks for the quick response Waz! Your suggestion was attempted by placing them in the profile for the account running the command and it didn't work on our end. Where specifically do you place the suggested options? BTW - running SuSe Linux 11 and using version 8.0.08 Data Migrator server..
 
Posts: 3 | Registered: May 26, 2015Report This Post
Expert
posted Hide Post
I would put it in the fex with the CMRUN command.

If you have a generic fex that is included everywhere, then put it in there.

All depends on what you want to lock down.


Waz...

Prod:WebFOCUS 7.6.10/8.1.04Upgrade:WebFOCUS 8.2.07OS:LinuxOutputs:HTML, PDF, Excel, PPT
In Focus since 1984
Pity the lost knowledge of an old programmer!

 
Posts: 6347 | Location: 33°49'23.0"S, 151°11'41.0"E | Registered: October 31, 2006Report This Post
Guru
posted Hide Post
Note that CMRUN is a program compiled for each platform and can be run from the command line, or from a shell script or bat file. There's no need to call it from a focexec. So I don't quite follow Waz's comments.

It would be helpful to include an example of your script. It took me a bit to figure out what you are doing. If you don't wait for the flow to complete you won't see cmrun in the process listing. So I'm guessing you did something like this:
  
$ export EDAHOME=/ibi/srv77/home
$ export LD_LIBRARY_PATH=$EDAHOME/bin
$ $EDAHOME/bin/cmrun.out s=lnxx64r5, u=edachk, p=password, r=flow01, w=1 & ps -ef | grep cmrun

 Run (    1) Connecting to 'lnxx64r5' as 'edachk'
edachk    6927 13181  0 13:19 pts/57   00:00:00 /ibi/srv77/home/bin/cmrun.out s=lnxx64r5, u=edachk, p=password, r=flow01, w=1
edachk    6929 13181  0 13:19 pts/57   00:00:00 grep cmrun
/prog/edachk$  Run (    2) DM Manager Server: Version 7, Release 7
(ICM18016) Request  /flow01  submitted. Please, wait for request to complete.
(ICM18762) Job ID: 20160120131921_fbc75b8e
(ICM18763) Request  /flow01 complete

It does indeed show the command line with the password. However in the current production Release 7.7.07 (aka 8.1) you store the password in an external file which can be protected and refer to the file containing the password instead of the password. For example using a file in the current directory called "credentials" that contains the password:

 $ $EDAHOME/bin/cmrun.out  u=edachk, s=lnxx64r5, x=credentials, r=flow01, w=1 & ps -ef | grep cmrun
[1]     9131
edachk    9131 13181  0 13:55 pts/57   00:00:00 /ibi/srv77/home/bin/cmrun.out u=edachk, s=lnxx64r5, x=credentials, r=flow01, w=1
edachk    9133 13181  0 13:55 pts/57   00:00:00 grep cmrun

 Run (    1) Connecting to 'lnxx64r5' as 'edachk'
/prog/edachk$  Run (    2) DM Manager Server: Version 7, Release 7
 (ICM18016) Request  /flow01  submitted. Please, wait for request to complete.
 (ICM18762) Job ID: 20160120135528_97b5fce0
 (ICM18763) Request  /flow01 complete

I see that you are using WF Release 8.0 which is equivalent to DataMigrator Release 7.7.05 first available in January 2013. So that you can use this new functionality please upgrade to the current production Release 7.7.06 or 8.1.

This message has been edited. Last edited by: Clif,


N/A
 
Posts: 397 | Location: New York City | Registered: May 03, 2007Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic


Copyright © 1996-2020 Information Builders