× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. March 2000

RE: Protect WEB pages on AS/400

  • Subject: RE: Protect WEB pages on AS/400
  • From: "Stone, Brad V (TC)" <bvstone@xxxxxxxxxxxxxx>
  • Date: Tue, 21 Mar 2000 17:16:54 -0600
 
OH!  I understand now.

Will the protect directive work for you?  Here's a simple one that I have
that pops up the user id and password box and verifies against a validation
list that I can maintain.  You can also have it check agains existing user
ids and passwords on the AS/400.  If you want an example for that instead,
let me know.

Protection SECUREP {   
   AuthType BASIC      
   ServerID MyServer.com     
   PasswdFile QGPL/SECURE         
   GetMask All                       
   PostMask All                      
}                                    
#------------------------------------
Protect /secure/* SECUREP     

This will pop up a validation window and only allow users into the protected
dir if they have an id and Password.

Brad

-----Original Message-----
From: Andrei Centea [mailto:acentea@canadelle.com]
Sent: Tuesday, March 21, 2000 1:47 PM
To: MIDRANGE-L@midrange.com
Subject: RE: Protect WEB pages on AS/400


Brad,

Sorry, I might not have been clear from the beginning.

Lotus HTTP serves user QNOTES, as IBM HTTP server user QTMHHTTP. If I play
with generic users, I play with ALL folder access, I allow or restrict
access for everybody.

This is not my goal. I want differentiate access for certain users, on some
folders or pages. Front Page has security facilities that can enable that.
The same web ported to NT enables this security and users have to fill USER
and PASSWORD to access the page. But it requires a NTFS box. Ported back to
AS/400, where we want the pages to be hosted, the protection is disabled.

It might be a Front Page issue or an AS/400 one or a LOTUS one ... Hidden
scripts, proprietary to Microsoft and not compatible with NOTES
implementation on AS/400, might be used.

If this is the case, all goes beyond my poor web knowledge and beyond the
goal of my posting ...




Thx anyway

Andrei Centea
Sara Lee Branded Apparel of Canada (Canadelle)
Montreal



-----Original Message-----
From: owner-midrange-l@midrange.com [mailto:owner-midrange-l@midrange.com]
Sent: Tuesday, March 21, 2000 12:56 PM
To: 'MIDRANGE-L@midrange.com'
Subject: RE: Protect WEB pages on AS/400


I don't quite follow.

The IBM HTTP server uses user profile QTMHHTTP for serving documents, so
this user profile is the only one that needs authority to documents you are
making available on the web.

I'm not sure if it's different for Domino, but there is probably a user id
similar to QTMHHTTP that needs authority for web pages, so you can set up
*PUBLIC with *EXCLUDE.

People surfing the web are anonymous to the AS/400 web security, so it
makes
no difference if they are a user or not of your machine.  This is the
purpose of the QTMHHTTP user profile to act as a "liaison" for people
surfing the web.

I would strongly suggest getting support from the Domino folks who set it
up.  If there isn't something similar to the "one user profile for serving
HTTP stuff" than there's a serious flaw.  But I assume there is such a
profile.

Brad


-----Original Message-----
From: Andrei Centea [mailto:acentea@canadelle.com]
Sent: Tuesday, March 21, 2000 9:32 AM
To: MIDRANGE-L@midrange.com
Subject: RE: Protect WEB pages on AS/400


Brad


I'm in your fan club ... and a strong user of SPLTOOL & FTPTOOL & CO.

Still, CHGAUT doesn't work.

On this stage of our application, AS/400 is only hosting the web. The main
web and its subwebs, defined in ROOT \ LOTUS \ DOMINO \ DATA \ DOMINO \
HTML
\ ... are targeted by all kind of users. Some of them are AS/400 users,
others are not and will never be.

That makes all references to OS/400 authorities irrelevant, as you cannot
refer non-existent users.

I defined the links to be portable. Transfering the web structure on an
NTFS
machine, it works well and restrictions can be applied. On the IFS, it
works
well except *PUBLIC which is entitled to surf all. Even if I put *PUBLIC
*NONE, they can surf in peace.

It might be linked to the fact that I don't use IBM's HTTP server but the
DOMINO one on the AS/400?


Other opinions ?


Thx,

Andrei Centea
Sara Lee Branded Apparel of Canada (Canadelle)
514-723-8428

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Yup... CHGAUT command.

First exclude public from dirs and files for the webs.  Then grant at least
*R to files, dirs used for web pages.

How I do it after initial setup is to use FTPTOOL to execute a program
after
a PUT is done with FTP.  This submits a job with a delay of 5 seconds and
does a CHGAUT on the file uploaded (which is sent as a parm from FTPTOOL).
Works like a charm.

FTPTOOL can be downloaded at www.bvstools.com

Brad
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
( ... ) I just finished some WEB pages made with FRONT PAGE and have hosted
them on
AS/400 for our Intranet, on the DOMINO server. All is fine, except their
*public authority which is granted by default. So I want to manage
permissions / restrictions similar with doing it with Front Page on any NT
box.

Unfortunately, Front Page can manage the security of webs and subwebs only
if they are hosted on an NTFS machine. And OS/400 authorities for
the AS/400 objects in IFS cannot be applied here.

Has anybody succeeded a workaround?

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to
MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator:
david@midrange.com
+---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to
MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator:
david@midrange.com
+---

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator:
david@midrange.com
+---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.