× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. WEB400
  3. August 2018

Re: web app security - user profile or validation list?

So you want to link a non-IBM i profile to an actual IBM i profile?

So if JOESMITH signs in, and doesn't have an IBM i profile you link it to
another ID?

Bradley V. Stone
www.bvstools.com
MAILTOOL Benefit #17 <https://www.bvstools.com/mailtool.html>: Compatible
with Google/Gmail/G Suite, Outlook.com, Microsoft Office 365 as well as
most other SMTP servers and relays. No tricks, gimmicks or relays needed.
MAILTOOL is set up just like a PC or mobile device with the appropriate
outgoing mail router information and well as the proper authentication.

On Tue, Aug 21, 2018 at 10:53 AM Steve Richter <stephenrichter@xxxxxxxxx>
wrote:

not sure how users should login to a PHP web page and access the IBM i
database. Are there good solutions?

Initially I was using basic authentication. The browser would prompt for
user name and password. The PHP code would then store the user name and
pass in $_SERVER variables. PHP_AUTH_USER and PHP_AUTH_PW.

This worked. But the process is a bit confusing. But more so, what to do
when adding a web user who does not have an IBM i user profile?

So I changed to using validation lists. Which are easier to work with in a
SPA type web page. And the login prompt is a bootstrap modal that looks
better.

The problem with validation list is how to run code on the server under the
IBM i user profile of the web user? I know about the QSYGETPH and QWTSETP
APIs which allows a job to change its user profile. But you need the
password of the user to do this. Where to securely store the password? Or
give QTMHHTTP authority to switch to a user profile without the password.
Which means any code running in PHP can switch to another user profile?

Is there guidance from IBM on how to limit access to tables and programs to
specific user profiles when running PHP web code?
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.