We too needed to secure an iSeries intranet site but: 1) didn't want the overhead of maintaining a System Directory UserId/pw for every user, 2) didn't want to fool with LDAP and 3) didn't want to write something that relied on a PF in QSYS.LIB. That pretty much left Validation Lists.
Using the samples in WEBSECURE we configured a *VLDL system that served the basic purpose. There is also a green-screen interface to *VLDL available at http://archive.midrange.com/web400/200508/msg00115.html. The downside is that there is no out-of-the-box management system to expire unused accounts and allow users to maintain their own logon information. If I knew more about Java programming it would probably be just a matter of downloading some open-source code, but coming from the RPG world I was not able to locate a management system for free or purchase. Guess we'll have to write something... If anyone knows more I'd sure like to hear about it. JK > I have a question for CGIDEV2 developers who have developed (or > thought about) applications with a form of user validation and page security, but do create a user profile for each unique user. > > That is to say, they do not want to use AS400(or NT/UNIX) > userID/password (with or without authorization lists) because there are potentially too many users or have other business reason(s) not to do this. > > My question is: what strategy of validation/page security are you using? What are advantages/disadvantages of your method and is it suitable for the WWW as well as a controlled intranet. > > ** Examples: > Validate against a PF list of user/passwords and pass a "user" token variable from page to page, validate against IP address or other environment variable, use the same password for everybody, create and store a temporary cookie on the client which is verified on each page, use CGIDEV2 persistence... > > Also is "too many users" a good excuse for not using as/400 user profiles/auth lists to validate users? > > marty Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/Easy400Group/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
