RE : Re: OT: Prevent MT Login

[lmame]

Yes you trap the login in function dologin (I'm not sure of the function name) 
which is called when you submit the login and do a simple check on the username 
and if it matches, you exit the function.

I guess it would be hardcoded or you could use jquery to query a distant page 
to check the username.
I guess there could be a way to gather a js code from this page as well and 
eval it but in the end it wouldn't resist a lot of time...



Mobilis in Mobile

 Message d'origine 
De : Jason Miller  
Date : 10/09/2013  0:09  (GMT+01:00) 
A : arslist@ARSLIST.ORG 
Objet : Re: OT: Prevent MT Login 
 
**
I think the javascript solution should be a last resort kind of thing.  I am 
glad a few people have pointed out Disable-Client-Operations which I am hoping 
will work instead of javascript changes for the reasons mentioned.

Although for the sake of discussion I am still trying to figure out how this 
would work using javascript.  Do you hard code the username in the JS?  Do you 
create a database table to store the limited users and they create JS to query 
that upon login?  All of the ways I can think of do not scale well, add 
vulnerabilities and extra development/maintenance effort.

Jason


On Fri, Sep 6, 2013 at 1:41 PM, laurent matheo  wrote:
**
Yep, and the other problem with javascript on login.jsp is that if he knows the 
"login trick" giving credentials in the url the "sorry pal I got you" trap in 
login.jsp wouldn't work.
In this case you could alter the LoginServlet instead I guess, though that 
would mean quite some work...

Another solution would be to create a keylogger that would detect what 
keystrokes he hits and automatically delete according text. (and send him back 
a 110V jolt through his keyboard).


On 06 Sep, 2013,at 10:29 PM, Joe D'Souza  wrote:

True.. java scripts written on the login page are subject to break when you 
update a patch unless you manually fix the page again. Workflow approach will 
not have that limitation..

 

Joe

 

From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Tauf Chowdhury
Sent: Friday, September 06, 2013 4:23 PM
To: arslist@ARSLIST.ORG
Subject: Re: OT: Prevent MT Login

 

It would Ken. It's up to the poster. I would think writing workflow is easier 
then getting JavaScript in so who knows. 

Sent from my iPhone


On Sep 6, 2013, at 4:20 PM, "Cecil, Ken"  wrote:

**

My suggestion was neither.

 

Use javascript to catch the user id in the submit of the midtier login.jsp page 
and redirect that user to an error page.

 

 

Ken.

 

Would it not work?

 

Ken.

 

From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller
Sent: Friday, September 06, 2013 4:19 PM
To: arslist@ARSLIST.ORG
Subject: Re: OT: Prevent MT Login

 

**

I agree it it is either workflow or a BMC provided option baked into the 
product.

 

On Fri, Sep 6, 2013 at 1:17 PM, Joe D'Souza  wrote:

**

Na.. those were beautiful! I wish I get to see them at least once again before 
I don’t have to travel to Alaska no more.. My next trip is scheduled to be my 
last..

 

I like the DNS spoofing idea from Tauf – only that these days most IT employees 
are smart enough to realize what’s happening, and if they have access to edit 
their own host file, could revert it back.

 

I really don’t think there is a fool proof non workflow mechanism that can’t 
get in legal trouble to do what needs to be done. Workflow seems to be the 
safest bet.

 

Joe

 

From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller
Sent: Friday, September 06, 2013 4:11 PM
To: arslist@ARSLIST.ORG
Subject: Re: Prevent MT Login

 

**

Wow Joe, wow  8-)    I wonder if there is some radiation coming off the Aurora 
and soaking into your brain...

 

On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza  wrote:

PERFORM-APPLICATION-LOGOUT from the home page or any other page that the
user might have access too if the $CLIEMT-TYPE$ = 9..

Why would you have such a requirement though when the future versions does
not support access through the native User client?

This is a workflow mechanism - it will be impossible to do it with a non
workflow mechanism. Unless you are free to employ a security guard to stand
besides that employee and beat the crap out of him if he tries to log in
through the mid tier.. That would be a non workflow mechanism :) - primitive
- but will work.. :)

Joe


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma
Sent: Friday, September 06, 2013 3:59 PM
To: arslist@ARSLIST.ORG
Subject: Prevent MT Login


Hi Listers,

I have a requirement to prevent a particular user to be able login through
mid tier but same user should be able to login to client tools. Has anyone
implemented suc

Re: OT: Prevent MT Login

[Jason Miller]

I think the javascript solution should be a last resort kind of thing.  I
am glad a few people have pointed out Disable-Client-Operations which I am
hoping will work instead of javascript changes for the reasons mentioned.

Although for the sake of discussion I am still trying to figure out how
this would work using javascript.  Do you hard code the username in the JS?
 Do you create a database table to store the limited users and they create
JS to query that upon login?  All of the ways I can think of do not scale
well, add vulnerabilities and extra development/maintenance effort.

Jason


On Fri, Sep 6, 2013 at 1:41 PM, laurent matheo  wrote:

> **
> Yep, and the other problem with javascript on login.jsp is that if he
> knows the "login trick" giving credentials in the url the "sorry pal I got
> you" trap in login.jsp wouldn't work.
> In this case you could alter the LoginServlet instead I guess, though that
> would mean quite some work...
>
> Another solution would be to create a keylogger that would detect what
> keystrokes he hits and automatically delete according text. (and send him
> back a 110V jolt through his keyboard).
>
>
> On 06 Sep, 2013,at 10:29 PM, Joe D'Souza  wrote:
>
> True.. java scripts written on the login page are subject to break when
> you update a patch unless you manually fix the page again. Workflow
> approach will not have that limitation..
>
>
>
> Joe
>
>
> --
>
> *From:* Action Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] *On Behalf Of *Tauf Chowdhury
> *Sent:* Friday, September 06, 2013 4:23 PM
> *To:* arslist@ARSLIST.ORG
> *Subject:* Re: OT: Prevent MT Login
>
>
>
> It would Ken. It's up to the poster. I would think writing workflow is
> easier then getting JavaScript in so who knows.
>
> Sent from my iPhone
>
>
> On Sep 6, 2013, at 4:20 PM, "Cecil, Ken"  wrote:
>
> **
>
> My suggestion was neither.
>
>
>
> *Use javascript to catch the user id in the submit of the midtier
> login.jsp page and redirect that user to an error page.*
>
> * *
>
> * *
>
> *Ken.*
>
>
>
> Would it not work?
>
>
>
> Ken.
>
>
>
> *From:* Action Request System discussion list(ARSList) [
> mailto:arslist@ARSLIST.ORG ] *On Behalf Of *Jason
> Miller
> *Sent:* Friday, September 06, 2013 4:19 PM
> *To:* arslist@ARSLIST.ORG
> *Subject:* Re: OT: Prevent MT Login
>
>
>
> **
>
> I agree it it is either workflow or a BMC provided option baked into the
> product.
>
>
>
> On Fri, Sep 6, 2013 at 1:17 PM, Joe D'Souza  wrote:
>
> **
>
> Na.. those were beautiful! I wish I get to see them at least once again
> before I don’t have to travel to Alaska no more.. My next trip is scheduled
> to be my last..
>
>
>
> I like the DNS spoofing idea from Tauf – only that these days most IT
> employees are smart enough to realize what’s happening, and if they have
> access to edit their own host file, could revert it back.
>
>
>
> I really don’t think there is a fool proof non workflow mechanism that
> can’t get in legal trouble to do what needs to be done. Workflow seems to
> be the safest bet.
>
>
>
> Joe
>
>
> --
>
> *From:* Action Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] *On Behalf Of *Jason Miller
> *Sent:* Friday, September 06, 2013 4:11 PM
> *To:* arslist@ARSLIST.ORG
> *Subject:* Re: Prevent MT Login
>
>
>
> **
>
> Wow Joe, wow  8-)I wonder if there is some radiation coming off the
> Aurora and soaking into your brain...
>
>
>
> On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza  wrote:
>
> PERFORM-APPLICATION-LOGOUT from the home page or any other page that the
> user might have access too if the $CLIEMT-TYPE$ = 9..
>
> Why would you have such a requirement though when the future versions does
> not support access through the native User client?
>
> This is a workflow mechanism - it will be impossible to do it with a non
> workflow mechanism. Unless you are free to employ a security guard to stand
> besides that employee and beat the crap out of him if he tries to log in
> through the mid tier.. That would be a non workflow mechanism :) -
> primitive
> - but will work.. :)
>
> Joe
>
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma
> Sent: Friday, September 06, 2013 3:59 PM
> To: arslist@ARSLIST.ORG
> Subject: Prevent MT Login
>
>
> Hi Listers,
>
> I have a requirement to prevent a parti

Re: OT: Prevent MT Login

[Jason Miller]

I agree it it is either workflow or a BMC provided option baked into the
product.


On Fri, Sep 6, 2013 at 1:17 PM, Joe D'Souza  wrote:

> **
>
> Na.. those were beautiful! I wish I get to see them at least once again
> before I don’t have to travel to Alaska no more.. My next trip is scheduled
> to be my last..
>
> ** **
>
> I like the DNS spoofing idea from Tauf – only that these days most IT
> employees are smart enough to realize what’s happening, and if they have
> access to edit their own host file, could revert it back.
>
> ** **
>
> I really don’t think there is a fool proof non workflow mechanism that
> can’t get in legal trouble to do what needs to be done. Workflow seems to
> be the safest bet.
>
> ** **
>
> Joe
>
> ** **
>  --
>
> *From:* Action Request System discussion list(ARSList) [mailto:
> arslist@ARSLIST.ORG] *On Behalf Of *Jason Miller
> *Sent:* Friday, September 06, 2013 4:11 PM
> *To:* arslist@ARSLIST.ORG
> *Subject:* Re: Prevent MT Login
>
> ** **
>
> ** 
>
> Wow Joe, wow  8-)I wonder if there is some radiation coming off the
> Aurora and soaking into your brain...
>
> ** **
>
> On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza  wrote:
>
> PERFORM-APPLICATION-LOGOUT from the home page or any other page that the
> user might have access too if the $CLIEMT-TYPE$ = 9..
>
> Why would you have such a requirement though when the future versions does
> not support access through the native User client?
>
> This is a workflow mechanism - it will be impossible to do it with a non
> workflow mechanism. Unless you are free to employ a security guard to stand
> besides that employee and beat the crap out of him if he tries to log in
> through the mid tier.. That would be a non workflow mechanism :) -
> primitive
> - but will work.. :)
>
> Joe
>
>
> -Original Message-
> From: Action Request System discussion list(ARSList)
> [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma
> Sent: Friday, September 06, 2013 3:59 PM
> To: arslist@ARSLIST.ORG
> Subject: Prevent MT Login
>
>
> Hi Listers,
>
> I have a requirement to prevent a particular user to be able login through
> mid tier but same user should be able to login to client tools. Has anyone
> implemented such requirement? What can be the best way to achieve this?
>
> Specifically looking for a non-workflow mechanism.
>
> Regards,
> Aditya
>
> Sent from my BlackBerryR smartphone from !DEA
>
>
>
> ___
> UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
> "Where the Answers Are, and have been for 20 years"
>
> ** **
>
> _ARSlist: "Where the Answers Are" and have been for 20 years_ 
>  _ARSlist: "Where the Answers Are" and have been for 20 years_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: OT: Prevent MT Login

[Joe D'Souza]

That's a pretty sleek solution..

 

Joe

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Randeep Atwal
Sent: Friday, September 06, 2013 4:24 PM
To: arslist@ARSLIST.ORG
Subject: Re: OT: Prevent MT Login

 

You could use Disable-Client-Operation: 9 in ar.conf

 

You can specify times and an exclusion group of users it should not apply
to.





Not code, configuration...





Look in your config guide for exact syntax..





Sent from my BlackBerry 10 smartphone on the Bell network.


From: Joe D'Souza

Sent: Friday, September 6, 2013 4:18 PM

To: arslist@ARSLIST.ORG

Reply To: arslist@ARSLIST.ORG

Subject: OT: Prevent MT Login

 

** 

Na.. those were beautiful! I wish I get to see them at least once again
before I don't have to travel to Alaska no more.. My next trip is scheduled
to be my last..

 

I like the DNS spoofing idea from Tauf - only that these days most IT
employees are smart enough to realize what's happening, and if they have
access to edit their own host file, could revert it back.

 

I really don't think there is a fool proof non workflow mechanism that can't
get in legal trouble to do what needs to be done. Workflow seems to be the
safest bet.

 

Joe

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller
Sent: Friday, September 06, 2013 4:11 PM
To: arslist@ARSLIST.ORG
Subject: Re: Prevent MT Login

 

** 

Wow Joe, wow  8-)I wonder if there is some radiation coming off the
Aurora and soaking into your brain...

 

On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza  wrote:

PERFORM-APPLICATION-LOGOUT from the home page or any other page that the
user might have access too if the $CLIEMT-TYPE$ = 9..

Why would you have such a requirement though when the future versions does
not support access through the native User client?

This is a workflow mechanism - it will be impossible to do it with a non
workflow mechanism. Unless you are free to employ a security guard to stand
besides that employee and beat the crap out of him if he tries to log in
through the mid tier.. That would be a non workflow mechanism :) - primitive
- but will work.. :)

Joe


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma
Sent: Friday, September 06, 2013 3:59 PM
To: arslist@ARSLIST.ORG
Subject: Prevent MT Login


Hi Listers,

I have a requirement to prevent a particular user to be able login through
mid tier but same user should be able to login to client tools. Has anyone
implemented such requirement? What can be the best way to achieve this?

Specifically looking for a non-workflow mechanism.

Regards,
Aditya

Sent from my BlackBerryR smartphone from !DEA



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

 

_ARSlist: "Where the Answers Are" and have been for 20 years_ 

_ARSlist: "Where the Answers Are" and have been for 20 years_ 



_ARSlist: "Where the Answers Are" and have been for 20 years_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: OT: Prevent MT Login

[laurent matheo]

**
Yep, and the other problem with _javascript_ on login.jsp is that if he knows the "login trick" giving credentials in the url the "sorry pal I got you" trap in login.jsp wouldn't work.In this case you could alter the LoginServlet instead I guess, though that would mean quite some work...Another solution would be to create a keylogger that would detect what keystrokes he hits and automatically delete according text. (and send him back a 110V jolt through his keyboard).On 06 Sep, 2013,at 10:29 PM, Joe D'Souza  wrote:True.. _javascript_s written on the login page are subject to break when you update a patch unless you manually fix the page again. Workflow approach will not have that limitation.. Joe From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Tauf Chowdhury Sent: Friday, September 06, 2013 4:23 PM To: arslist@ARSLIST.ORG Subject: Re: OT: Prevent MT Login It would Ken. It's up to the poster. I would think writing workflow is easier then getting _javascript_ in so who knows.   Sent from my iPhone On Sep 6, 2013, at 4:20 PM, "Cecil, Ken" <kce...@hubbell.com> wrote:** My suggestion was neither. Use _javascript_ to catch the user id in the submit of the midtier login.jsp page and redirect that user to an error page.  Ken. Would it not work? Ken. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 4:19 PM To: arslist@ARSLIST.ORG Subject: Re: OT: Prevent MT Login ** I agree it it is either workflow or a BMC provided option baked into the product. On Fri, Sep 6, 2013 at 1:17 PM, Joe D'Souza <jdso...@shyle.net> wrote:** Na.. those were beautiful! I wish I get to see them at least once again before I don’t have to travel to Alaska no more.. My next trip is scheduled to be my last.. I like the DNS spoofing idea from Tauf – only that these days most IT employees are smart enough to realize what’s happening, and if they have access to edit their own host file, could revert it back. I really don’t think there is a fool proof non workflow mechanism that can’t get in legal trouble to do what needs to be done. Workflow seems to be the safest bet. Joe From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 4:11 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login ** Wow Joe, wow  8-)    I wonder if there is some radiation coming off the Aurora and soaking into your brain... On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza <jdso...@shyle.net> wrote:PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9..  Why would you have such a requirement though when the future versions does not support access through the native User client?  This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :)  Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login   Hi Listers,  I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this?  Specifically looking for a non-workflow mechanism.  Regards, AdityaSent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_  _ARSlist: "Where the Answers Are" and have been for 20 years_   Confidentiality Requirement: This communication, including any attachment(s), may contain confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that you have received this communication in error and any unauthorized review, use, disclosure, dissemination, distribution or copying of it or its contents is strictly prohibited. If you have received this communication in error, please notify the sender immediately by telephone or e-mail and destroy all copies of this communication and any attachments.  _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_**_ARSlist: "Where the Answers Are" and have been for 20 years_

Re: OT: Prevent MT Login

[Tauf Chowdhury]

It would Ken. It's up to the poster. I would think writing workflow is
easier then getting JavaScript in so who knows.

Sent from my iPhone

On Sep 6, 2013, at 4:20 PM, "Cecil, Ken"  wrote:

**

My suggestion was neither.



*Use javascript to catch the user id in the submit of the midtier login.jsp
page and redirect that user to an error page.*

* *

* *

*Ken.*



Would it not work?



Ken.



*From:* Action Request System discussion list(ARSList) [
mailto:arslist@ARSLIST.ORG ] *On Behalf Of *Jason
Miller
*Sent:* Friday, September 06, 2013 4:19 PM
*To:* arslist@ARSLIST.ORG
*Subject:* Re: OT: Prevent MT Login



**

I agree it it is either workflow or a BMC provided option baked into the
product.



On Fri, Sep 6, 2013 at 1:17 PM, Joe D'Souza  wrote:

**

Na.. those were beautiful! I wish I get to see them at least once again
before I don’t have to travel to Alaska no more.. My next trip is scheduled
to be my last..



I like the DNS spoofing idea from Tauf – only that these days most IT
employees are smart enough to realize what’s happening, and if they have
access to edit their own host file, could revert it back.



I really don’t think there is a fool proof non workflow mechanism that
can’t get in legal trouble to do what needs to be done. Workflow seems to
be the safest bet.



Joe


 --

*From:* Action Request System discussion list(ARSList) [mailto:
arslist@ARSLIST.ORG] *On Behalf Of *Jason Miller
*Sent:* Friday, September 06, 2013 4:11 PM
*To:* arslist@ARSLIST.ORG
*Subject:* Re: Prevent MT Login



**

Wow Joe, wow  8-)I wonder if there is some radiation coming off the
Aurora and soaking into your brain...



On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza  wrote:

PERFORM-APPLICATION-LOGOUT from the home page or any other page that the
user might have access too if the $CLIEMT-TYPE$ = 9..

Why would you have such a requirement though when the future versions does
not support access through the native User client?

This is a workflow mechanism - it will be impossible to do it with a non
workflow mechanism. Unless you are free to employ a security guard to stand
besides that employee and beat the crap out of him if he tries to log in
through the mid tier.. That would be a non workflow mechanism :) - primitive
- but will work.. :)

Joe


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma
Sent: Friday, September 06, 2013 3:59 PM
To: arslist@ARSLIST.ORG
Subject: Prevent MT Login


Hi Listers,

I have a requirement to prevent a particular user to be able login through
mid tier but same user should be able to login to client tools. Has anyone
implemented such requirement? What can be the best way to achieve this?

Specifically looking for a non-workflow mechanism.

Regards,
Aditya

Sent from my BlackBerryR smartphone from !DEA


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"



_ARSlist: "Where the Answers Are" and have been for 20 years_

_ARSlist: "Where the Answers Are" and have been for 20 years_



_ARSlist: "Where the Answers Are" and have been for 20 years_



--
Confidentiality Requirement: This communication, including any
attachment(s), may contain confidential information and is for the sole use
of the intended recipient(s). If you are not the intended recipient, you
are hereby notified that you have received this communication in error and
any unauthorized review, use, disclosure, dissemination, distribution or
copying of it or its contents is strictly prohibited. If you have received
this communication in error, please notify the sender immediately by
telephone or e-mail and destroy all copies of this communication and any
attachments.


_ARSlist: "Where the Answers Are" and have been for 20 years_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

OT - Prevent MT Login

[Sanford, Claire]

This thread had me laughing like crazy and I needed it!


From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Tauf Chowdhury
Sent: Friday, September 06, 2013 3:13 PM
To: arslist@ARSLIST.ORG
Subject: Re: Prevent MT Login

**
Yeah what happened to peace, love, and happiness Joe? Now it's punch, kick, and 
choke Joe.

Sent from my iPhone

On Sep 6, 2013, at 4:11 PM, Jason Miller 
mailto:jason.mil...@gmail.com>> wrote:
**
Wow Joe, wow  8-)I wonder if there is some radiation coming off the Aurora 
and soaking into your brain...

On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza 
mailto:jdso...@shyle.net>> wrote:
PERFORM-APPLICATION-LOGOUT from the home page or any other page that the
user might have access too if the $CLIEMT-TYPE$ = 9..

Why would you have such a requirement though when the future versions does
not support access through the native User client?

This is a workflow mechanism - it will be impossible to do it with a non
workflow mechanism. Unless you are free to employ a security guard to stand
besides that employee and beat the crap out of him if he tries to log in
through the mid tier.. That would be a non workflow mechanism :) - primitive
- but will work.. :)

Joe

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE 
arslist Aditya Sharma
Sent: Friday, September 06, 2013 3:59 PM
To: arslist@ARSLIST.ORG
Subject: Prevent MT Login


Hi Listers,

I have a requirement to prevent a particular user to be able login through
mid tier but same user should be able to login to client tools. Has anyone
implemented such requirement? What can be the best way to achieve this?

Specifically looking for a non-workflow mechanism.

Regards,
Aditya
Sent from my BlackBerryR smartphone from !DEA

___
UNSUBSCRIBE or access ARSlist Archives at 
www.arslist.org
"Where the Answers Are, and have been for 20 years"

_ARSlist: "Where the Answers Are" and have been for 20 years_
_ARSlist: "Where the Answers Are" and have been for 20 years_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: OT: Prevent MT Login

[Cecil, Ken]

My suggestion was neither.


Use javascript to catch the user id in the submit of the midtier login.jsp page 
and redirect that user to an error page.





Ken.

Would it not work?

Ken.

From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller
Sent: Friday, September 06, 2013 4:19 PM
To: arslist@ARSLIST.ORG
Subject: Re: OT: Prevent MT Login

**
I agree it it is either workflow or a BMC provided option baked into the 
product.

On Fri, Sep 6, 2013 at 1:17 PM, Joe D'Souza 
mailto:jdso...@shyle.net>> wrote:
**

Na.. those were beautiful! I wish I get to see them at least once again before 
I don't have to travel to Alaska no more.. My next trip is scheduled to be my 
last..



I like the DNS spoofing idea from Tauf - only that these days most IT employees 
are smart enough to realize what's happening, and if they have access to edit 
their own host file, could revert it back.



I really don't think there is a fool proof non workflow mechanism that can't 
get in legal trouble to do what needs to be done. Workflow seems to be the 
safest bet.



Joe


From: Action Request System discussion list(ARSList) 
[mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of Jason 
Miller
Sent: Friday, September 06, 2013 4:11 PM
To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>
Subject: Re: Prevent MT Login

**
Wow Joe, wow  8-)I wonder if there is some radiation coming off the Aurora 
and soaking into your brain...

On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza 
mailto:jdso...@shyle.net>> wrote:
PERFORM-APPLICATION-LOGOUT from the home page or any other page that the
user might have access too if the $CLIEMT-TYPE$ = 9..

Why would you have such a requirement though when the future versions does
not support access through the native User client?

This is a workflow mechanism - it will be impossible to do it with a non
workflow mechanism. Unless you are free to employ a security guard to stand
besides that employee and beat the crap out of him if he tries to log in
through the mid tier.. That would be a non workflow mechanism :) - primitive
- but will work.. :)

Joe

-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>] On Behalf Of SUBSCRIBE 
arslist Aditya Sharma
Sent: Friday, September 06, 2013 3:59 PM
To: arslist@ARSLIST.ORG<mailto:arslist@ARSLIST.ORG>
Subject: Prevent MT Login


Hi Listers,

I have a requirement to prevent a particular user to be able login through
mid tier but same user should be able to login to client tools. Has anyone
implemented such requirement? What can be the best way to achieve this?

Specifically looking for a non-workflow mechanism.

Regards,
Aditya
Sent from my BlackBerryR smartphone from !DEA

___
UNSUBSCRIBE or access ARSlist Archives at 
www.arslist.org<http://www.arslist.org>
"Where the Answers Are, and have been for 20 years"

_ARSlist: "Where the Answers Are" and have been for 20 years_
_ARSlist: "Where the Answers Are" and have been for 20 years_

_ARSlist: "Where the Answers Are" and have been for 20 years_



--
Confidentiality Requirement: This communication, including any attachment(s), 
may contain confidential information and is for the sole use of the intended 
recipient(s). If you are not the intended recipient, you are hereby notified 
that you have received this communication in error and any unauthorized review, 
use, disclosure, dissemination, distribution or copying of it or its contents 
is strictly prohibited.  If you have received this communication in error, 
please notify the sender immediately by telephone or e-mail and destroy all 
copies of this communication and any attachments.

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: OT: Prevent MT Login

[Joe D'Souza]

Yup that should work too..

 

Joe

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Cecil, Ken
Sent: Friday, September 06, 2013 4:20 PM
To: arslist@ARSLIST.ORG
Subject: Re: OT: Prevent MT Login

 

My suggestion was neither.

 

Use javascript to catch the user id in the submit of the midtier login.jsp
page and redirect that user to an error page.

 

 

Ken.

 

Would it not work?

 

Ken.

 

From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller
Sent: Friday, September 06, 2013 4:19 PM
To: arslist@ARSLIST.ORG
Subject: Re: OT: Prevent MT Login

 

** 

I agree it it is either workflow or a BMC provided option baked into the
product.

 

On Fri, Sep 6, 2013 at 1:17 PM, Joe D'Souza  wrote:

** 

Na.. those were beautiful! I wish I get to see them at least once again
before I don't have to travel to Alaska no more.. My next trip is scheduled
to be my last..

 

I like the DNS spoofing idea from Tauf - only that these days most IT
employees are smart enough to realize what's happening, and if they have
access to edit their own host file, could revert it back.

 

I really don't think there is a fool proof non workflow mechanism that can't
get in legal trouble to do what needs to be done. Workflow seems to be the
safest bet.

 

Joe

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller
Sent: Friday, September 06, 2013 4:11 PM
To: arslist@ARSLIST.ORG
Subject: Re: Prevent MT Login

 

** 

Wow Joe, wow  8-)I wonder if there is some radiation coming off the
Aurora and soaking into your brain...

 

On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza  wrote:

PERFORM-APPLICATION-LOGOUT from the home page or any other page that the
user might have access too if the $CLIEMT-TYPE$ = 9..

Why would you have such a requirement though when the future versions does
not support access through the native User client?

This is a workflow mechanism - it will be impossible to do it with a non
workflow mechanism. Unless you are free to employ a security guard to stand
besides that employee and beat the crap out of him if he tries to log in
through the mid tier.. That would be a non workflow mechanism :) - primitive
- but will work.. :)

Joe


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma
Sent: Friday, September 06, 2013 3:59 PM
To: arslist@ARSLIST.ORG
Subject: Prevent MT Login


Hi Listers,

I have a requirement to prevent a particular user to be able login through
mid tier but same user should be able to login to client tools. Has anyone
implemented such requirement? What can be the best way to achieve this?

Specifically looking for a non-workflow mechanism.

Regards,
Aditya

Sent from my BlackBerryR smartphone from !DEA



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

 

_ARSlist: "Where the Answers Are" and have been for 20 years_ 

_ARSlist: "Where the Answers Are" and have been for 20 years_ 

 

_ARSlist: "Where the Answers Are" and have been for 20 years_ 

 

 

  _  

Confidentiality Requirement: This communication, including any
attachment(s), may contain confidential information and is for the sole use
of the intended recipient(s). If you are not the intended recipient, you are
hereby notified that you have received this communication in error and any
unauthorized review, use, disclosure, dissemination, distribution or copying
of it or its contents is strictly prohibited. If you have received this
communication in error, please notify the sender immediately by telephone or
e-mail and destroy all copies of this communication and any attachments. 

 

_ARSlist: "Where the Answers Are" and have been for 20 years_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: OT: Prevent MT Login

[Joe D'Souza]

True.. java scripts written on the login page are subject to break when you
update a patch unless you manually fix the page again. Workflow approach
will not have that limitation..

 

Joe

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Tauf Chowdhury
Sent: Friday, September 06, 2013 4:23 PM
To: arslist@ARSLIST.ORG
Subject: Re: OT: Prevent MT Login

 

It would Ken. It's up to the poster. I would think writing workflow is
easier then getting JavaScript in so who knows. 

Sent from my iPhone


On Sep 6, 2013, at 4:20 PM, "Cecil, Ken"  wrote:

** 

My suggestion was neither.

 

Use javascript to catch the user id in the submit of the midtier login.jsp
page and redirect that user to an error page.

 

 

Ken.

 

Would it not work?

 

Ken.

 

From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller
Sent: Friday, September 06, 2013 4:19 PM
To: arslist@ARSLIST.ORG
Subject: Re: OT: Prevent MT Login

 

** 

I agree it it is either workflow or a BMC provided option baked into the
product.

 

On Fri, Sep 6, 2013 at 1:17 PM, Joe D'Souza  wrote:

** 

Na.. those were beautiful! I wish I get to see them at least once again
before I don't have to travel to Alaska no more.. My next trip is scheduled
to be my last..

 

I like the DNS spoofing idea from Tauf - only that these days most IT
employees are smart enough to realize what's happening, and if they have
access to edit their own host file, could revert it back.

 

I really don't think there is a fool proof non workflow mechanism that can't
get in legal trouble to do what needs to be done. Workflow seems to be the
safest bet.

 

Joe

 


  _  


From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller
Sent: Friday, September 06, 2013 4:11 PM
To: arslist@ARSLIST.ORG
Subject: Re: Prevent MT Login

 

** 

Wow Joe, wow  8-)I wonder if there is some radiation coming off the
Aurora and soaking into your brain...

 

On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza  wrote:

PERFORM-APPLICATION-LOGOUT from the home page or any other page that the
user might have access too if the $CLIEMT-TYPE$ = 9..

Why would you have such a requirement though when the future versions does
not support access through the native User client?

This is a workflow mechanism - it will be impossible to do it with a non
workflow mechanism. Unless you are free to employ a security guard to stand
besides that employee and beat the crap out of him if he tries to log in
through the mid tier.. That would be a non workflow mechanism :) - primitive
- but will work.. :)

Joe


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma
Sent: Friday, September 06, 2013 3:59 PM
To: arslist@ARSLIST.ORG
Subject: Prevent MT Login


Hi Listers,

I have a requirement to prevent a particular user to be able login through
mid tier but same user should be able to login to client tools. Has anyone
implemented such requirement? What can be the best way to achieve this?

Specifically looking for a non-workflow mechanism.

Regards,
Aditya

Sent from my BlackBerryR smartphone from !DEA



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

 

_ARSlist: "Where the Answers Are" and have been for 20 years_ 

_ARSlist: "Where the Answers Are" and have been for 20 years_ 

 

_ARSlist: "Where the Answers Are" and have been for 20 years_ 

 

 


  _  


Confidentiality Requirement: This communication, including any
attachment(s), may contain confidential information and is for the sole use
of the intended recipient(s). If you are not the intended recipient, you are
hereby notified that you have received this communication in error and any
unauthorized review, use, disclosure, dissemination, distribution or copying
of it or its contents is strictly prohibited. If you have received this
communication in error, please notify the sender immediately by telephone or
e-mail and destroy all copies of this communication and any attachments. 


_ARSlist: "Where the Answers Are" and have been for 20 years_ 

_ARSlist: "Where the Answers Are" and have been for 20 years_

___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

OT: Prevent MT Login

[Joe D'Souza]

Na.. those were beautiful! I wish I get to see them at least once again
before I don't have to travel to Alaska no more.. My next trip is scheduled
to be my last..

 

I like the DNS spoofing idea from Tauf - only that these days most IT
employees are smart enough to realize what's happening, and if they have
access to edit their own host file, could revert it back.

 

I really don't think there is a fool proof non workflow mechanism that can't
get in legal trouble to do what needs to be done. Workflow seems to be the
safest bet.

 

Joe

 

  _  

From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller
Sent: Friday, September 06, 2013 4:11 PM
To: arslist@ARSLIST.ORG
Subject: Re: Prevent MT Login

 

** 

Wow Joe, wow  8-)I wonder if there is some radiation coming off the
Aurora and soaking into your brain...

 

On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza  wrote:

PERFORM-APPLICATION-LOGOUT from the home page or any other page that the
user might have access too if the $CLIEMT-TYPE$ = 9..

Why would you have such a requirement though when the future versions does
not support access through the native User client?

This is a workflow mechanism - it will be impossible to do it with a non
workflow mechanism. Unless you are free to employ a security guard to stand
besides that employee and beat the crap out of him if he tries to log in
through the mid tier.. That would be a non workflow mechanism :) - primitive
- but will work.. :)

Joe


-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma
Sent: Friday, September 06, 2013 3:59 PM
To: arslist@ARSLIST.ORG
Subject: Prevent MT Login


Hi Listers,

I have a requirement to prevent a particular user to be able login through
mid tier but same user should be able to login to client tools. Has anyone
implemented such requirement? What can be the best way to achieve this?

Specifically looking for a non-workflow mechanism.

Regards,
Aditya

Sent from my BlackBerryR smartphone from !DEA



___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

 

_ARSlist: "Where the Answers Are" and have been for 20 years_ 


___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"

Re: OT: Prevent MT Login

[Randeep Atwal]

**
You could use Disable-Client-Operation: 9 in ar.conf You can specify times and an exclusion group of users it should not apply to.Not code, configuration...Look in your config guide for exact syntax.. Sent from my BlackBerry 10 smartphone on the Bell network. From: Joe D'SouzaSent: Friday, September 6, 2013 4:18 PMTo: arslist@ARSLIST.ORGReply To: arslist@ARSLIST.ORGSubject: OT: Prevent MT Login**
















Na.. those were beautiful! I wish I get to
see them at least once again before I don’t have to travel to Alaska no
more.. My next trip is scheduled to be my last..

 

I like the DNS spoofing idea from Tauf –
only that these days most IT employees are smart enough to realize what’s
happening, and if they have access to edit their own host file, could revert it
back.

 

I really don’t think there is a fool
proof non workflow mechanism that can’t get in legal trouble to do what
needs to be done. Workflow seems to be the safest bet.

 

Joe



 









From: Action Request
System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller
Sent: Friday, September 06, 2013
4:11 PM
To: arslist@ARSLIST.ORG
Subject: Re: Prevent MT Login



 

** 



Wow Joe, wow  8-)    I wonder if there is some radiation
coming off the Aurora and soaking into your brain...





 



On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza <jdso...@shyle.net>
wrote:

PERFORM-APPLICATION-LOGOUT from the home page or any other page that
the
user might have access too if the $CLIEMT-TYPE$ = 9..

Why would you have such a requirement though when the future versions does
not support access through the native User client?

This is a workflow mechanism - it will be impossible to do it with a non
workflow mechanism. Unless you are free to employ a security guard to stand
besides that employee and beat the crap out of him if he tries to log in
through the mid tier.. That would be a non workflow mechanism :) - primitive
- but will work.. :)

Joe




-Original Message-
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf
Of SUBSCRIBE arslist Aditya Sharma
Sent: Friday, September 06, 2013 3:59 PM
To: arslist@ARSLIST.ORG
Subject: Prevent MT Login


Hi Listers,

I have a requirement to prevent a particular user to be able login through
mid tier but same user should be able to login to client tools. Has anyone
implemented such requirement? What can be the best way to achieve this?

Specifically looking for a non-workflow mechanism.

Regards,
Aditya



Sent from my BlackBerryR smartphone from !DEA






___
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"







 



_ARSlist: "Where the Answers Are" and have been for 20 years_







_ARSlist: "Where the Answers Are" and have been for 20 years_

_ARSlist: "Where the Answers Are" and have been for 20 years_