On 1/5/06, itpweb1 <[EMAIL PROTECTED]> wrote: > I have a question for CGIDEV2 developers who have developed (or > thought about) applications with a form of user validation and page > security, but do create a user profile for each unique user. > > That is to say, they do not want to use AS400(or NT/UNIX) > userID/password (with or without authorization lists) because there > are potentially too many users or have other business reason(s) not to > do this. > > My question is: what strategy of validation/page security are you > using? What are advantages/disadvantages of your method and is it > suitable for the WWW as well as a controlled intranet.
There is a discussion and tutorial of this very topic on the Easy400 site (http://www-922.ibm.com/en) - see Deliverables then "Web Security Made Easy". Validation lists along with existing Apache capabilities might just fill the bill. > Also is "too many users" a good excuse for not using as/400 user > profiles/auth lists to validate users? A better excuse is to eliminate the possibility that the user can access anything but the web site. If you create user profiles you have to worry about securing everything else on the system. Good luck -- Tom Jedrzejewicz [EMAIL PROTECTED] Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/Easy400Group/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
