MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » June 2014

RE: Password checking for web service calls



fixed

Have you thought of using the QSYCHGPR (Change last signed on date) API in conjunction with a profile swap/unswap?

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of James H. H. Lampert
Sent: Tuesday, June 10, 2014 10:07 AM
To: Midrange Systems Technical Discussion
Subject: Password checking for web service calls

Question:

I need to validate that a web service, running under IWS, is being called by a legitimate user with a correct password. (Needless to say, it's being called through HTTPS.)

The only way I know of to do a programmatic password check is with a QSYGETPH. Even though I never actually *use* the profile handle returned.

The docs for QSYGETPH say that it will run out of space if you call it more than 20k times within a single job. And with a web service, there's every reason to expect that limit to be exceeded.

Is there some other way of programmatically checking password validity, one I'm not aware of, one that just gives me a yes/no answer, without generating profile handles I'm not actually using?

--
JHHL
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.






Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact