• Subject: Re: HELP on SECURITY...
  • From: "Alex Garrison" <agarrison@xxxxxxxxxxx>
  • Date: Thu, 30 Dec 1999 08:25:21 -0500

Victor,

Creating user profiles is the most straightforward solution.  You can then
use the toolbox to call the QSYGETPH OS/400 API to validate the password.

If 1000 is too many user profiles, how about:
1. Create a physical file with the user names and passwords.
2. Set the authority on the file so that everyone is excluded except a
single user profile.
3. Write an RPG program that will accept a user name and password as inputs
and return a true/false answer.
4. Have your servlet use the toolbox rec level I/O classes to connect to the
AS/400 using that single user profile from step 2. Then have the servlet
call the RPG program you wrote in step 3.

Since only one user profile can access the physical file with the actual
password, the file is almost as secure as being encrypted.  Since your
servlet would only get true/false answers back from the RPG program, no one
could misuse your servlet to dump the contents of the file.

Anyone else have an idea?

Alex Garrison

----- Original Message -----
From: Victor Rodrigue <vr19089@icil.co.in>
To: Sndjava (E-mail) <JAVA400-L@midrange.com>
Sent: Thursday, December 30, 1999 3:22 AM
Subject: HELP on SECURITY...


> Hello All,
>
> I am currently involved in the design of a system on the AS/400. This is a
> kind of employee database with around 1000 users. We've got a V4R2 and are
> planning to use Servlets.
>
> Well the problem is to manage these many users.
>
> One idea was to have a data file with these users, authority level and
> password. The problem out here is how to encrypt the password in this
> datafile.
>
> Any help, suggestions or opinions. And also if anyone has already worked
> on this.
> Also if someone could suggest some security features which I ought to
> consider, as this database is going to be web enabled.
>
> Thanks in advance,
> regards,
> Victor Rodrigues
>
> +---
> | This is the JAVA/400 Mailing List!
> | To submit a new message, send your mail to JAVA400-L@midrange.com.
> | To subscribe to this list send email to JAVA400-L-SUB@midrange.com.
> | To unsubscribe from this list send email to JAVA400-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner: joe@zappie.net
> +---
>

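Added example, not part of either message and not code from the thread: the true/false check from step 3 of the reply, written in Java so it runs offline, with the file holding a salted PBKDF2 hash instead of the password itself, which goes beyond what the reply proposes. The class name, the in-memory map standing in for the restricted physical file, the iteration count and the sample user and passwords are assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example (hypothetical names): yes/no password check over salted hashes.
public class PasswordCheck {
    private static final int ITERATIONS = 200_000;  // assumed work factor
    // Stands in for the physical file that only one user profile may read.
    private final Map<String, byte[][]> file = new HashMap<>();  // user -> {salt, hash}
    private final byte[][] dummy;  // record used when the user name is unknown

    public PasswordCheck() throws Exception { dummy = newRecord("unused".toCharArray()); }

    private static byte[] pbkdf2(char[] pw, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, ITERATIONS, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    private static byte[][] newRecord(char[] pw) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);  // fresh random salt per user
        return new byte[][] { salt, pbkdf2(pw, salt) };
    }

    // Enrollment writes only the salt and the derived hash, never the password.
    public void enroll(String user, char[] pw) throws Exception {
        file.put(user, newRecord(pw));
    }

    // The only operation exposed to the servlet: a true/false answer.
    public boolean verify(String user, char[] pw) throws Exception {
        byte[][] rec = file.getOrDefault(user, dummy);  // same work for unknown users
        byte[] candidate = pbkdf2(pw, rec[0]);
        // Constant-time comparison; '&' (not '&&') so both operands are always evaluated.
        return MessageDigest.isEqual(candidate, rec[1]) & file.containsKey(user);
    }

    public static void main(String[] args) throws Exception {
        PasswordCheck check = new PasswordCheck();
        check.enroll("EMP0001", "constructed-sample-pw".toCharArray());  // constructed sample
        System.out.println(check.verify("EMP0001", "constructed-sample-pw".toCharArray()));
        System.out.println(check.verify("EMP0001", "wrong-guess".toCharArray()));
        System.out.println(check.verify("NOBODY", "unused".toCharArray()));
    }
}
```

With this layout, someone who obtains a copy of the file gets salts and hashes rather than passwords, and the caller still learns nothing beyond true or false.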
