|
midrange.com
Hello:
I think another good idea may be the use of a *VLDL to store the
username and password, it may need some API programming but it can provide
all the encryption needed for passwords.
----- Original Message -----
From: Alex Garrison <agarrison@logtech.com>
To: <JAVA400-L@midrange.com>
Sent: Thursday, December 30, 1999 10:25 AM
Subject: Re: HELP on SECURITY...
> Victor,
>
> Creating user profiles is the most straightforward solution. You can then
> use the toolbox to call the QSYGETPH os/400 api to validate the password.
>
> If 1000 is too many user profiles how about:
> 1. create a physical file with the user names and passwords.
> 2. Set the authority on the file so that everyone is excluded except a
> single user profile.
> 3. Write an rpg program that will accept a user name and password as
inputs
> and return a true/false answer.
> 4. Have your servlet use the toolbox rec level i/o classes to connect to
the
> as/400 using that single user profile from step 2. Then have the servlet
> call the rpg program you wrote in step 3.
>
> Since only one user profile can access the physical file with the actual
> password, the file is almost as secure as being encrypted. Since your
> servlet would only get true/false answers back from the rpg program, noone
> could misuse your servlet to dump the contents of the file.
>
> Anyone else have an idea?
>
> Alex Garrison
>
> ----- Original Message -----
> From: Victor Rodrigue <vr19089@icil.co.in>
> To: Sndjava (E-mail) <JAVA400-L@midrange.com>
> Sent: Thursday, December 30, 1999 3:22 AM
> Subject: HELP on SECURITY...
>
>
> > Hello All,
> >
> > I am crrently involved in design on a system on the AS/400. This is a
kind
> > of employee database with around
> > 1000 users. We've got a V4R2 and planning to use Servlets.
> >
> > Well the problem is to manage these many users.
> >
> > One idea was to have a data file with these users, authority level and
> > password. The problem
> > out here is how to encrypt the password in this datafile.
> >
> > Any help, suggestions or opinions. And also if anyone has already worked
> on
> > this.
> > Also if someone could suggest some security features which i ought to
> > consider, as this database is going to be
> > web enabled.
> >
> > Thanks in advance,
> > regards,
> > Victor Rodrigues
> >
> > +---
> > | This is the JAVA/400 Mailing List!
> > | To submit a new message, send your mail to JAVA400-L@midrange.com.
> > | To subscribe to this list send email to JAVA400-L-SUB@midrange.com.
> > | To unsubscribe from this list send email to
> JAVA400-L-UNSUB@midrange.com.
> > | Questions should be directed to the list owner: joe@zappie.net
> > +---
> >
>
> +---
> | This is the JAVA/400 Mailing List!
> | To submit a new message, send your mail to JAVA400-L@midrange.com.
> | To subscribe to this list send email to JAVA400-L-SUB@midrange.com.
> | To unsubscribe from this list send email to
JAVA400-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner: joe@zappie.net
> +---
>
+---
| This is the JAVA/400 Mailing List!
| To submit a new message, send your mail to JAVA400-L@midrange.com.
| To subscribe to this list send email to JAVA400-L-SUB@midrange.com.
| To unsubscribe from this list send email to JAVA400-L-UNSUB@midrange.com.
| Questions should be directed to the list owner: joe@zappie.net
+---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
