
Inet_Security function

Inet_Security is the function that OECGI.EXE calls before it calls any Internet procedure specified in the HTTP request.

Note: OpenInsight ships with the source code of this function, as a stored procedure in SYSPROG.

return = Inet_Security(Request, InetProcName)

The Inet_Security function has the following parameters:

| Parameter | Description |
| --- | --- |
| Request | [in] HTTP-request |
| InetProcName | [in] Name of Internet procedure that is about to be called |

Returns: an empty string to allow the call, or valid HTML script with an error message to stop it; this message is immediately passed back to the client.

To restrict running Inet_ procedures to the SALES user, do the following:

* Log into the SYSPROG account.

* By default, the Inet_Security() function source, found in SYSPROCS, cannot be edited. To turn on editing, edit the SYSPROCNAMES row in the SYSENV table. This row contains the names of system procedures. Find the entry for INET_SECURITY, delete it, and save the row.

* Log out of OpenInsight.

* Log back into the SYSPROG account. The INET_SECURITY source can now be edited. Modify the source as shown below:

```
function INET_Security(Request, FnName)
**************************************************************************
* Project    : OpenInsight for Internet
*
* Name       : INET_Security
* Description: Security check point for a request
*
* Parameters:
*              Request    [in/out] -- HTTP request (see INET_EQUATES)
*              FnName     [in/out] -- name of a function that is
*                                     about to be executed (starts with
*                                     INET_)
*              returns    [out]    -- empty string to allow request or
*                                     message in html format to stop the
*                                     request
*                                     and pass it back to a client
*
* Note:
*              Parameters "Request" and "FnName" are passed by
*              reference which makes it possible to change the function
*              name and/or request parameters on the fly by intelligent
*              security procedure
***************************************************************************

$insert Logical
$insert Inet_Equates

declare subroutine Send_Event

HtmlMessage = '' ;* assume success

* put your authorization check code here
*
* @username is the user the OpenInsight session is logged in as
if @username <> 'SALES' then
  * any non-empty return value stops the request and is sent to the client
  HtmlMessage = "<B>You are not authorized to run " : FnName : "</B>"
end else
  HtmlMessage = ''
end

* if authorization failed -- log the failure
if len(HtmlMessage) then
   Send_Event(GS_MONITOR$, 'OMNIEVENT', 'OUTCOMING', 'Authorization failed')
end

return HtmlMessage
```

After you compile the changed program, only the SALES user can run Internet procedures.
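
The same check point can also restrict which procedures a user may run. The following is an added example, not the source shipped with OpenInsight: it goes beyond the SALES-only check above by denying every procedure that is not on an explicit list, and by HTML-encoding the procedure name before returning it in the error message. The procedure names INET_SALES_REPORT and INET_SALES_LOOKUP are hypothetical, and an exact, case-sensitive match on FnName is an assumption.

```basic
function INET_Security(Request, FnName)
* Added example, not the source shipped with OpenInsight.
* Allows a request only when the user is SALES and the procedure is on an
* explicit allowlist; everything else is denied.

$insert Logical
$insert Inet_Equates

declare subroutine Send_Event

* Hypothetical procedure names; replace with the INET_ procedures you publish
AllowedProcs = 'INET_SALES_REPORT' : @fm : 'INET_SALES_LOOKUP'

HtmlMessage = '' ;* an empty string allows the call

Allowed = FALSE$
if @username = 'SALES' then
   * Assumed exact, case-sensitive match; a name in any other form is denied
   locate FnName in AllowedProcs using @fm setting Pos then
      Allowed = TRUE$
   end
end

if not(Allowed) then
   * FnName is specified in the HTTP request: encode a copy of it so the
   * by-reference parameter stays unchanged and no markup is echoed back
   SafeName = FnName
   swap '&' with '&amp;' in SafeName
   swap '<' with '&lt;' in SafeName
   swap '>' with '&gt;' in SafeName
   HtmlMessage = '<B>You are not authorized to run ' : SafeName : '</B>'

   * log the failure, as the original source does
   Send_Event(GS_MONITOR$, 'OMNIEVENT', 'OUTCOMING', 'Authorization failed')
end

return HtmlMessage
```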

  • Last modified: 2024/06/19 20:20