If it doesn't do profile swapping (like CGI or ODBC), what is it, a dispatcher app running as a privileged user?



-----Original Message-----
From: Nathan Andelin [mailto:nandelin@xxxxxxxxx]
Sent: Tuesday, December 27, 2016 3:15 PM
To: Web Enabling the IBM i (AS/400 and iSeries) <web400@xxxxxxxxxxxx>
Subject: Re: [WEB400] In-house authentication & authorization


How would it supplement OS security?


I'm just suggesting that developers may supplement OS security by including program logic which checks user authority to anything exposed by the program (i.e. does a user have authority to approve a purchase order or invoice?)

I'm suggesting that such logic can be part of a framework, so that it is easy to implement.

If your server program is running as a named user, that will be the user
the OS uses for authorization regardless of the end-user (unless it
does user swapping like CGI).


We use a web portal which launches new IBM i JOBs when users click on menu items. Those JOBs run under the IBM i user profile assigned to the users. Each JOB handles requests pertaining to just that user. We don't "swap" profiles like your CGI example.



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
