× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  • Subject: RE: Protect WEB pages on AS/400
  • From: "Stone, Brad V (TC)" <bvstone@xxxxxxxxxxxxxx>
  • Date: Tue, 21 Mar 2000 11:56:03 -0600

I don't quite follow.

The IBM HTTP server uses user profile QTMHHTTP for serving documents, so
this user profile is the only one that needs authority to documents you are
making available on the web.

I'm not sure if it's different for Domino, but there is probably a user id
similar to QTMHHTTP that needs authority for web pages, so you can set up
*PUBLIC with *EXCLUDE.

People surfing the web are anonymous to the AS/400 web security, so it makes
no difference if they are a user or not of your machine.  This is the
purpose of the QTMHHTTP user profile to act as a "liaison" for people
surfing the web.

I would strongly suggest getting support from the Domino folks who set it
up.  If there isn't something similar to the "one user profile for serving
HTTP stuff" than there's a serious flaw.  But I assume there is such a
profile.

Brad


-----Original Message-----
From: Andrei Centea [mailto:acentea@canadelle.com]
Sent: Tuesday, March 21, 2000 9:32 AM
To: MIDRANGE-L@midrange.com
Subject: RE: Protect WEB pages on AS/400


Brad


I'm in your fan club ... and a strong user of SPLTOOL & FTPTOOL & CO.

Still, CHGAUT doesn't work.

On this stage of our application, AS/400 is only hosting the web. The main
web and its subwebs, defined in ROOT \ LOTUS \ DOMINO \ DATA \ DOMINO \ HTML
\ ... are targeted by all kind of users. Some of them are AS/400 users,
others are not and will never be.

That makes all references to OS/400 authorities irrelevant, as you cannot
refer non-existent users.

I defined the links to be portable. Transfering the web structure on an NTFS
machine, it works well and restrictions can be applied. On the IFS, it works
well except *PUBLIC which is entitled to surf all. Even if I put *PUBLIC
*NONE, they can surf in peace.

It might be linked to the fact that I don't use IBM's HTTP server but the
DOMINO one on the AS/400?


Other opinions ?


Thx,

Andrei Centea
Sara Lee Branded Apparel of Canada (Canadelle)
514-723-8428

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Yup... CHGAUT command.

First exclude public from dirs and files for the webs.  Then grant at least
*R to files, dirs used for web pages.

How I do it after initial setup is to use FTPTOOL to execute a program
after
a PUT is done with FTP.  This submits a job with a delay of 5 seconds and
does a CHGAUT on the file uploaded (which is sent as a parm from FTPTOOL).
Works like a charm.

FTPTOOL can be downloaded at www.bvstools.com

Brad
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
( ... ) I just finished some WEB pages made with FRONT PAGE and have hosted
them on
AS/400 for our Intranet, on the DOMINO server. All is fine, except their
*public authority which is granted by default. So I want to manage
permissions / restrictions similar with doing it with Front Page on any NT
box.

Unfortunately, Front Page can manage the security of webs and subwebs only
if they are hosted on an NTFS machine. And OS/400 authorities for
the AS/400 objects in IFS cannot be applied here.

Has anybody succeeded a workaround?

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator:
david@midrange.com
+---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.