5250 Terminal Web2Desktop integration

We just released an update for our PCH module which brings more power under your hands with web based 5250 terminal for IBM i.

PCH is a browser to desktop integration module - part of then Green Screens Web Browser Extension allowing more advanced features. Last update release brings a custom browser scheme gs-run: which allows to execute programs on user desktop directly from browser, JavaScript or STRRMTCMD.

Look at the video below to see how does it work.

Security

Scheme gs-run: is an URL scheme as any other like http:, https:, ftp: etc.

All URL schemes including custom ones are available through browser address bar including gs-run:. Without implemented security measures, anyone can execute program linked to custom URI scheme directly from a web page which would be an extremely high security risk.  For an example, attacker can download malicious program, and then start it through custom URL scheme.

New scheme gs-run: is a safe isolated module which is possible to execute only from live terminal session. Underlying program will contact running Green Screens server asking for verification before starting received command. That means, only legit calls from STRRMTCMD from actual user terminal session are available. Scheme handler is limited to a specific domain and service validation.

As an additional security measure, command once executed, can't be executed any more to prevent reusage by JavaScript code.

How does it work?

When STRRMTCMD is issued from IBM i program, signal data is sent to the web terminal. Web terminal will wrap received command into a special URL with gs-run:  command. As gs-run scheme is register to external program, browser will call external program with given URI scheme data.

NOTE: Demo in video shows gs-run: direct usage for presentation purposes. In a real life scenario, it will be enough to call standard STRRMTCMD without gs-run: prefix. No changes required in your IBM i programs and CL scripts.  

For an example, when STRPCCMD CMD(notepad.exe c:\data.log) is called, web terminal will generate something like this.

gs-run:MTU5MDEzODIxMTU2NXwtMTkyNDExNTc2OHwzNzY5Mjk3OHxodHRwOi8vbG9jYWxob3N0|bm90ZXBhZC5leGU=

This is actually a base64 encoded 2 segments of data. When decoded, it looks like an example below.

gs-run:1590137000769|-1924115768|36436380|http://localhost:80|notepad.exe c:\data.log

Numbers in front are special tokens used to identify terminal session, Green Screens server url, and actual command to execute. When browser start a gs-run: schema registered program, passed parameters will be decoded, and sent for a verification by Green Screens Terminal server. Received desktop command will be executed only  if data and session are confirmed.

Browser support

Module is tested and fully supported under any WebKit based browsers as Google Chrome, MS Edge, Opera and many more.  Firefox is also supported.

NOTE: New gs-run: feature is compatible with incomming Green Screens Server 4.2.2 or newer. For older versions, we will provide a custom activation script which needs to be added through WebAdmin console.