Re: In-house authentication & authorization -- WEB400

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

If it doesn't do profile swapping (like CGI or ODBC), what is, a dispatcher app running as a privileged user?

-----Original Message-----
From: Nathan Andelin [mailto:nandelin@xxxxxxxxx]
Sent: Tuesday, December 27, 2016 3:15 PM
To: Web Enabling the IBM i (AS/400 and iSeries) <web400@xxxxxxxxxxxx>
Subject: Re: [WEB400] In-house authentication & authorization

How would it supplement OS security?

I'm just suggesting that developers may supplement OS security by including program logic which checks user authority to anything exposed by the program (i.e. does a user have authority to approve a purchase order or
invoice?)

I'm suggesting that such logic can be part of a framework, so that it is easy to implement.

If your server program is running as a named user, that will be the user

the OS uses for authorization regardless of the end-user (unless it
does user swapping like CGI).

We use a web portal which launches new IBM i JOBs when users click on menu items. Those JOBs run under the IBM i user profile assigned to the users.
Each JOB handles requests pertaining to just that user. We don't "swap"
profiles like your CGI example.

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.