Security levels

The security level determines what verification occurs when a connection arrives on a listening port.

In previous versions, the Genero Desktop Client accepted all connections that arrived on the listening port, without any verification. With Genero 2.0, the security level was raised to level 2.

Change the security level with the gdc -A command line option or on the Security tab.

Table 1. Security Levels
Security Level Description
0 Security level 0 is the least secure.

Command Line: gdc -A 0

Any connection started by the runtime system is authorized. No security message displays.

Regardless of the security level, connections from the runtime system are also limited by the --listen command line option. To accept any connection, the GDC must also be started with --listen="ANY" or with debug enabled by the -D option, which has a default listening value of "ANY". For more information, go to GDC command line options.

1 Security level 1 displays a warning.

Command Line: gdc -A 1

When the runtime system starts a connection:
  1. The GDC checks whether the host IP address exists in $AppDataDir/hosts.xml. If the host exists, the GDC accepts the connection and the application displays.
  2. If the IP address is not found, the Security Connection Message dialog displays a warning and asks the user whether to connect.
2 Security level 2 uses a key mechanism.
Important:

This only works when using a direct connection shortcut to start an application.

Command Line: gdc -A 2

  1. The GDC completes the security key mechanism check. If both keys match, then the connection is made.
  2. If the security key mechanism check fails, then the GDC looks for the IP address of the DVM host in $AppDataDir/hosts.xml. If the host exists, then the connection is made.
  3. If this host check fails, then the Security Connection Message dialog displays a warning and asks the user whether to connect.

If the runtime system does not handle this feature, you will not be able to run an application at this security level.

3 Security level 3 uses a key mechanism.
Command Line: gdc -A 3
Important:

This only works when using a direct connection shortcut to start an application.

  1. The GDC completes the security key mechanism check. If both keys match, then the connection is made.
  2. If the security key mechanism check fails, then the GDC looks for the IP address of the DVM host in $AppDataDir/hosts.xml. If the host exists, then the connection is made.
  3. If this host check fails, then the connection is rejected.

If the runtime system does not handle this feature, you will not be able to run an application at this security level.

The security key mechanism check

How the key mechanism works:

  1. When the GDC starts, it generates two random keys. These are known as UUIDs.
  2. When the GDC starts a direct connection and that connection uses one of the @FGL tags (@FGL, @FGLNT, @FGLCSH, or @FGLKSH) in the command, _FGLFEID and _FGLFEID2 are exported. At this point, fglrun has two variables in its environment (_FGLFEID and _FGLFEID2) that it will use to verify the GDC it attempts to connect to.
  3. The GDC gets the _FGLFEID from the DVM via the GUI connection and compares it to the _FGLFEID it initially generated. If they match, it knows that it is connecting to the correct DVM. Otherwise, it should reject the connection.
  4. The DVM gets the _FGLFEID2 from the GDC. If it matches the _FGLFEID2 value set in its environment, it knows it has the correct GDC. Otherwise, it should reject the connection.

When a check fails, the security level ultimately determines whether to reject the connection or to allow the end-user to override and accept the connection.
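
The exchange and the per-level outcome described above, modelled as an added example (not Four Js code). The class and function names, the use of Python's uuid module and the constant-time comparison are assumptions of this example; the --listen restriction is not modelled.

```python
import hmac
import uuid

def _same(a, b):
    # Constant-time comparison (a choice of this example, not stated by the page).
    return hmac.compare_digest(a.encode(), b.encode())

class Gdc:
    """Front end: generates both keys when it starts (step 1)."""
    def __init__(self):
        self.feid = str(uuid.uuid4())
        self.feid2 = str(uuid.uuid4())

    def shortcut_env(self):
        # Step 2: variables exported to fglrun by an @FGL direct connection shortcut.
        return {"_FGLFEID": self.feid, "_FGLFEID2": self.feid2}

    def verify_dvm(self, presented):
        # Step 3: compare the value received over the GUI connection.
        return _same(self.feid, presented)

class Dvm:
    """Runtime side: knows only what was in its environment at launch."""
    def __init__(self, env):
        self.env = env

    def present_feid(self):
        return self.env.get("_FGLFEID", "")

    def verify_gdc(self, presented):
        # Step 4: an unset variable never counts as a match.
        expected = self.env.get("_FGLFEID2", "")
        return bool(expected) and _same(expected, presented)

def key_check(gdc, dvm):
    # Both directions must succeed for the key mechanism check to pass.
    return gdc.verify_dvm(dvm.present_feid()) and dvm.verify_gdc(gdc.feid2)

def decide(level, keys_ok, host_known):
    """Outcome per Table 1: 'accept', 'prompt' (dialog) or 'reject'."""
    if level == 0:
        return "accept"
    if level >= 2 and keys_ok:      # levels 2 and 3 try the keys first
        return "accept"
    if host_known:                  # host found in hosts.xml
        return "accept"
    return "reject" if level == 3 else "prompt"
```

A DVM that was not launched from this GDC's shortcut fails key_check, after which only the hosts.xml entry (or, below level 3, the user's answer to the dialog) can admit the connection.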

The Security Connection Message dialog

When displayed, the Security Connection Message dialog allows a user to accept a connection that has not passed the security checks (key mechanism verification or hosts.xml validation).

Figure: Security Connection Message dialog

Warning:

Use caution before allowing your users to bypass the security checks. The key mechanism detects and prevents unauthorized users and applications from connecting via the Genero Desktop Client. Users need to understand the implications and security risks of electing to allow connections that have not been properly validated.

Table 2. Security Connection Message Options
Action Description
Yes Accept this connection and only this connection. The connection information is stored in memory for the duration of the connection. Any additional connection from the same host causes the message to be displayed again.
Yes to All The GDC accepts this connection and any other connection from the same host. This setting is saved to $AppDataDir/hosts.xml when the GDC closes.
Tip:

You can modify the hosts.xml file if needed, or remove it to clear the authorized list.

No The GDC rejects this connection and the application will not run.
Tip:

Did you answer "No" by accident? When you next execute the same application, the dialog redisplays.