Ask Reuben

GDC Security Levels

What is a GDC Security Level? 

Why is the default GDC Security Level 2?

I had a support case recently where the customer was starting the Genero Desktop Client (GDC) with -A 0 in the command line arguments in production.  As per the documentation, the -A (or –authentication) argument controls the security level.  If not set then it defaults to a value of 2.

To understand concept of GDC security level, a good test is to engage the cooperation of a colleague who sits next to you.  Get them to start GDC from the command line on their PC with -A 0 in the command line arguments.  Now find out the ip address of their PC and from a terminal on your PC do something like …

export FGLSERVER=their-ip-address:0
fglrun program

… and you may find that the program you are starting is using their GDC.  (if this not work, see paragraph at end of article).  To understand the dangers of this, what do oyu think might happen if your program is INPUT login, password

As per the documentation on security levels, a level of 0 is the least secure and allows any connection to run.

As you increase the security levels, additional tests are created.

First the Security Connection Message dialog appears …

… and then for levels 2 and 3 there is a Key Mechanism.

Before I get into levels 2 and level 3, you should also be aware of the following.  A Genero application has two processes, the fglrun process on the back end server, and in the case of GDC applications, the gdc.exe running on the users PC.  What you need to consider is to ask yourself, what process is initiating the application start.  When you are developing, you will most likely execute fglrun program-name on the command line (or execute from Genero Studio which deep down does the same thing), so the initiating action is the fglrun on the back end.  On the other hand A user will most likely start an application by double clicking on a short-cut on the desktop that starts the GDC and launches a program on the back-end server.  The key thing for the user is the initiating action is the gdc.exe on the front-end.

This initiating action is the key thing in security levels 2 and 3 as it allows the Key Mechanism to function. You can read the key mechanism details here  but the key thing is that the GDC sends some keys as part of its initial connection to the server and launch of the fglrun process.  When the fglrun process starts and connects back to the GDC, there are checks in place that ensure that the GDC is only allowing a connection from an fglrun process that it knows that itself started, as opposed to someone sitting at the terminal typing fglrun …

The default security level is 2, and the difference between level 2 and level 3 is that if the Key Mechanism doesn’t succeed, level 2 still allows the user to override with the Security Connection Message dialog.

You should also note that the Important tip about Security Levels 2 and 3 “This only comes into effect when using a direct connection shortcut to start an application.”.  The alternative to a Direct Connection shortcut is to use HTTP connection shortcut and that has the property that the front-end process is initiating the connection.

The final piece on the puzzle is the –listen command line argument.  This also helps lock the door in that only connections from localhost will be let in by default.  So that example I gave with your colleagues PC at the beginning.  If that doesn’t work for you, try also --listen ANY at the same time you set -A 0,