iSeries 400 Web protection made easy

Validation list are a new object type *vldl since OS/400 V4R1. This object type was created to support the definition and the validation of internet users in a more appropriate way than traditional user profiles.
A validation list can be created with command
    crtvldl
A validation list entry defines three pieces of information (all case sensitive and variable length) for a given internet user:

• the user name
• the user password
• the user description

Validation list entries can be maintained through the ADMIN HTTP server:

1. http://yr_tcp_address:2001
2. logon as QSECOFR
3. select IBM HTTP Server for AS/400
4. select Configuration and Administration
5. select Internet Users

Apart from this official tool, you have no other way to maintain validation lists, unless writing your own program.

There are a number of reasons why you would like to develop such a program:

• you may want to have a Web program assigning new internet users
• you may want to have an internal program (run in CGI or in interactive mode) able to maintain (list, add, change, remove) validation list entries
• you want to retrieve user passwords (ADMIN program does not)

This is why we have made available to you our validation list utility that you may download along with our other stuff on protection (library WEBSECURE) and easily modify for your own needs.

Our utility is the CGI program websecure/wrkvldl made from the following sources:

1. Member wrkvldl in source file websecure/htmlsrc: the external HTML used by the CGI
2. Member wrkvldl in source file websecure/qrpglesrc: the main module of the CGI
3. Member lstvldl in source file websecure/qrpglesrc: the module providing a list of the validation list entries
4. Member getvldle in source file websecure/qrpglesrc: the module providing a validation list entry at a time to module lstvldl list entries
5. Member wrkvldle in source file websecure/qrpglesrc: the module providing validation list entry maintenance(add, change, remove an entry)

1. Push the button run the utility at the bottom of this page.
   1. As the CGI is protected using validation list websecure/cgi, you will be asked to enter an username and password: type username mary and password mary
   2. Our utility shows up in a new window.
      It maintains validation list websecure/inetusr:
      add yourself as a new internet user
2. Close the window and push the button logon as new user.
   This time you are asking to run the CGI websecure/hi, which is protected through the validation list websecure/inetusr that you just updated.
   Enter your username and password and see what happens.

We also provide an example of how to use one of the modules of the utility. This example allows to list the entries of whatever validation list, provided the appropriate authorization is given. You may try it. Just remember to logon with username mary and password mary. We suggest you try to list the entries of validation list inetusr in library websecure.