WebSphere HTTP Server - Securing a web site on iSeries IFS with Apache


Author Securing a web site on iSeries IFS with Apache
Fournier François

2004-04-19, 11:33 am

I'm trying to secure a web site based on the iSeries IFS. The goal is that
anyone who is not explicitly defined in the authorization list of an object
(html, pdf) cannot access this object.

For that, I'm using PasswdFile %%SYSTEM%% and UserID %%CLIENT%%, which force
the user to sign on with a valid OS/400 ID and password.
This works great if the user is enrolled in the authorization list of the
invoked object. In this case, the user can or cannot access the object
depending on the authorization.

But if the user IS NOT in the authorization list of the object, access is
allowed even if 'Public' is set to '*EXCLUDE'. Why is this?

Because objects are created on demand by an RPG application, I wish to give
authorization only to the user who is the requester. It is not possible
(and not secure...) to add an authorization entry to the object for each
OS/400 user with *EXCLUDE authority.

Can somebody help me? Thanks

Here is the configuration:

iSeries V5R2M0
HTTP server Apache 2.0.47

Context for the directory:
<Directory /XXXX/>
Allow From all
Require valid-user
PasswdFile %%SYSTEM%%
UserID %%CLIENT%%
AuthType Basic
AuthName profile
ProfileToken On
</Directory>



Copyright 2003 - 2009 webservertalk.com