a portion of the current web that pulls info from the AS/400 only works
if the QTMHHTTP is given WAY more authority than it should) among
othre issues.

I solved that problem by writing a plug-in for the HTTP server, and bypassing 
IBM's CGI interface.  This is very important in a setting where security is a 
consideration.  Most applications should run under an individual user profile, 
in secure settings.  IT administrators should be able to see who is running 
what, and how much CPU and I/O they're using, and what locks they've allocated, 
and the time of their last access, and stuff like that.

Web applications may run under various environments (development, evaluation, 
production, etc.) where certain users may only be authorized to certain 
environments. Different environments may even contain different versions of the 
applications. Administrators may want to enable certain environments only 
during certain days, or during certain hours of the day.

Certain users may be restricted to specific client data libraries or different 
physical file members if client data is stored in different physical file 
members. Certain users may be restricted to data pertaining to certain fiscal 
years, where fiscal year data may be stored in certain libraries or physical 
file members.

Web applications may need to be accessible on different domain names, where say 
one domain may be accessible only from a local area network, while another 
domain may be accessible from the Internet, where certain users may be 
authorized to one domain, but not another.

Web applications may need to be accessible from only a menuing system, with no 
option of book marking the entry point, or any other point within the 
application, where certain users are only authorized to certain menus, or only 
authorized to certain items on the menu.

Web applications may need to expose different functionality, depending on which 
menu item it was bound to when the application was launched, or when a user 
accessed the application for the first time.

When sessions expire, users may need to be automatically redirected by to the 
menu. 

Certain users may only be authorized to certain records in a table, or certain 
fields in a record. Certain users may be able to view records pertaining to one 
fiscal year, location code, client, or whatever, but able to update records for 
another fiscal year, location code, client, or whatever.
 
The mechanics of "authorization" need to be easily configurable.

I'm glad that Joe Pluta warns people about ODBC and its close cousins in the 
.Net world, which is essentially based on the premise that security is 
secondary to accessibility.

If users need to query and manipulate data via ODBC, then how about providing 
export capabilities in applications, where users can only export data to their 
PC that they're authorized to? 

The ODBC problem is compounded when talking about environments supporting 
software as a service, where applications are hosted on a single server, but 
support many different companies, where each company needs to be secure. ODBC 
connections require quite a bit of overhead too, especially is situations where 
applications are querying security configuration files to know whether the 
current user has authority to a hyperlink, or authority to a record, field, or 
whatever.

Nathan.


 
____________________________________________________________________________________
Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.