iSeries 400 web protection techniques are
published
Web protection techniques are quite different from
what an expert of traditional iSeries 400 security would expect,
and therefore they are not easy to learn on the fly.
This is why we wrote these pages.
They provide a walk through the "easiest"
techniques, such as re-using traditional user profiles
and using validation lists.
In the techniques that we go through, we provide
examples of how you can implement protection,
and test cases as well.
These web protection techniques have a number of advantages:
- they do not require you to do anything specific
inside your pages (though they may result from the
execution of a program);
usually restricting authorities to the path or to
the object itself is enough
- dialog boxes for internet user logon are driven by your
external protections; therefore your application
does not have to be aware of them
We call these protection techniques external,
inasmuch as they can be defined on top of your
web application.
Your protection strategy may require an application
to adopt some page naming convention, but
apart from this your web application can be designed
independently from your security strategy.
"External protections" are implemented through
directives written in the configuration files
of the appropriate HTTP servers.
This can be done manually or through services
(sometimes called wizards) which may be available
in the HTTP ADMIN server.
In our pages we provide the following:
- for the Traditional HTTP server
  - examples of walking through the ADMIN security services
    to generate security directives
  - examples of security directives
- for the HTTP server (powered by Apache)
  - examples of security directives