KnowledgeBase 00078: Public and Private Servers
This article was originally published as a Tip of the Week.
QM allows access to files on other QM servers by using an extended form of a Q-pointer
1: Q
2: Account name or pathname
3: VOC record name in target account
4: Server name
or, if enabled with the FILERULE configuration parameter, by an extended file name syntax
    server:account:filename
When using these file references, the file is opened via QMNet, which starts a server process on the remote system. There is a separate server process for each QM user opening a remote file, but a single process may handle access to multiple files from the one QM session.
The server process runs with the authentication credentials (user name and password) set when the server is defined on the local system. All aspects of security, such as file permissions and access to encryption keys, are controlled by the server user name. In its simplest usage, all users of the local QM system run the server process using a single user name. For enhanced security, different user names can be used on the remote system for each local user (or group of users).
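The following Python script is an added example, not part of the original article or of QM. It finds the file references that would be opened through QMNet, in either of the two forms above, so that the server definitions behind them and their remote user names can be reviewed. It assumes VOC records have been exported as strings with fields separated by the field mark, char(254); the function names and sample data are constructed for illustration.

```python
FM = "\xfe"  # QM field mark, char(254), separating the fields of a record

def parse_q_pointer(record):
    """(server, account, file) for a Q-pointer VOC record, or None.

    Field layout as in the article: 1 = Q, 2 = account name or pathname,
    3 = VOC record name in target account, 4 = server name (empty if local).
    """
    fields = [f.strip() for f in record.split(FM)]
    fields += [""] * (4 - len(fields))
    # Assumption: field 1 holds just the type code Q, as listed in the article.
    if fields[0].upper() != "Q" or not fields[1] or not fields[2]:
        return None
    return (fields[3] or None, fields[1], fields[2])

def parse_extended_name(name):
    """(server, account, file) for 'server:account:filename', or None."""
    parts = name.strip().split(":")
    if len(parts) != 3 or not all(parts):
        return None  # plain names and one-colon pathnames are not this form
    return tuple(parts)

def remote_references(voc, file_names):
    """List every reference that would open a file through QMNet."""
    found = []
    for rec_id, record in voc.items():
        ref = parse_q_pointer(record)
        if ref and ref[0]:  # only Q-pointers that name a server
            found.append(("VOC " + rec_id, *ref))
    for name in file_names:
        ref = parse_extended_name(name)
        if ref:
            found.append(("name " + name, *ref))
    return sorted(found)

def servers_to_review(refs):
    """Server names whose definitions and remote user names need review."""
    return sorted({server for _, server, _, _ in refs})

# Constructed sample data, not taken from a real system.
SAMPLE_VOC = {
    "ORDERS": FM.join(["Q", "SALES", "ORDERS", "hq"]),
    "STOCK": FM.join(["Q", "WAREHOUSE", "STOCK"]),  # local Q-pointer
    "CUSTOMERS": FM.join(["F", "CUSTOMERS", "CUSTOMERS.DIC"]),  # not a Q-pointer
}
SAMPLE_NAMES = ["branch:ACCOUNTS:LEDGER", "INVOICES"]

if __name__ == "__main__":
    refs = remote_references(SAMPLE_VOC, SAMPLE_NAMES)
    print(refs, servers_to_review(refs))
```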
The SET.SERVER Command
A QMNet server can be defined by a user with administrator rights using the SET.SERVER command
    SET.SERVER name addr username password
where
The SET.SERVER command is executed on the local (client) system and creates a reference to a remote QM server that has files that an application may wish to access. All of the authentication details in the command relate to the process that will be created on the remote system when a local QM session attempts to open a file on that server.
A QMNet server defined in this way remains defined until it is explicitly deleted (DELETE.SERVER) and is available to all users on the local system. Because security is determined by the remote user name, which is the same for all local users, there are potential security risks with this method in some situations.
The SET.PRIVATE.SERVER Command
The SET.PRIVATE.SERVER command, available to all users, defines a server that is accessible only to the process in which the command is executed.
    SET.PRIVATE.SERVER name addr username password
This command can be used from the command prompt or from within an application to set connection parameters that are specific to the local user and hence offers increased security control.
QMNet Server Administration
For complete control, the ADMIN.SERVER command can be used to create a set of server definitions that can be applied to individual users or groups of users. Different local users connecting to the same remote server can use different user names. This offers the highest level of QMNet security.
Remote Server Security
All of the security mechanisms discussed above are on the local client side of the connection. Additional security can be imposed on the remote server.
An incoming QMNet connection is only allowed if this facility has been enabled via the NETFILES configuration parameter.
00062: Extended Filename Syntaxes