× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2002

Re: Exit Point Question/profile switching...

Tim:

On Fri, 12 April 2002, "Hatzenbeler, Tim" wrote

>       Is this possible and if so is there a simple CL command to do
it?
> I would like to add a exit point program to QIBM_QZDA_INIT to
switch the
> userprofile to a less powerful profile (for users not found in
a control
> table).

Profile swapping in exit programs is certainly possible through
the use of various Security APIs, but there are numerous
difficulties.

Example -- It's generally trivial to determine at what moment to
swap the chosen profile _IN_ because most exit points are
structured to call the associated exit program just before the
given transaction is executed. Unfortunately, it can be much more
difficult to swap the profile back _OUT_. Perhaps this won't be a
problem for you depending on exactly how you'll use the APIs, but
it can really be trouble at some points in some exits.

Also, you may need to take care how your exit program is secured.
You'll essentially be creating a program that all of your users
(plus perhaps the QTCP, QUSER and a few other system profiles)
will have authority to call and the program will perform a
profile swap. I suspect this won't be a program that you'll want
anyone ever calling from a command line or via means other than
through the server that you register it against.

I can't do much more than point out _some_ problem areas because
this is a feature (switch profiles) included in the PowerLock
NetworkSecurity product sold by my employer. (I'm not even sure
if I'm allowed to say as much as I already have.) Just be aware
that this is definitely _NOT_ a small, easy project. Tweaking
security values within exit programs can be a tough item to hang
your job on.

Tom Liotta

--
Tom Liotta
The PowerTech Group, Inc.
19426 68th Avenue South
Kent, WA 98032
Phone  253-872-7788
Fax  253-872-7904
http://www.400Security.com
___________________________________________________
The ALL NEW CS2000 from CompuServe
 Better!  Faster! More Powerful!
 250 FREE hours! Sign-on Now!
 http://www.compuserve.com/trycsrv/cs2000/webmail/

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.