<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7653.14">
<TITLE>Powerhouse Web user authentication</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P><FONT SIZE=2 FACE="Arial">We have PH Web running on an Alpha OpenVMS. The documentation says</FONT>
<BR><FONT SIZE=2 FACE="Arial">that user authentication is handled by handled outside of PH and the dictionary.</FONT>
<BR><FONT SIZE=2 FACE="Arial">Can the authentication reference the OpenVMS user authorization file or does</FONT>
<BR><FONT SIZE=2 FACE="Arial">it need to be something else entirely?</FONT>
<BR><FONT SIZE=2 FACE="Arial">Thanks!</FONT>
<BR><B><FONT SIZE=2 FACE="Arial">Vaughn Smith<BR>
</FONT></B><FONT SIZE=2 FACE="Arial">Senior Business Analyst<BR>
Information & Technology Management Branch<BR>
Ministry of Advanced Education<BR>
___________________________________________</FONT>
<BR><I><FONT SIZE=2 FACE="Arial">email: Vaughn.Smith@gov.bc.ca<BR>
phone: 250.387.8907<BR>
fax: 250.356.0033</FONT></I>
<BR><FONT SIZE=2 FACE="Arial">From the Cognos PH Web documentation:</FONT>
</P>
<P><B><FONT SIZE=5 FACE="BellGothic-Black">Authentication and Access Control</FONT></B>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">To restrict access to known users, some Web servers allow you to specify that a username and</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">password must be entered before a specific folder or file is accessed.</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">Authentication is the process of prompting for and verifying the username and password. Access</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">control ensures that resources such as folders and files are only accessible to authenticated users.</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">Refer to your Web server documentation to find out how to set up authentication and access</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">control for your Web server. Note that the username and password list used for authentication is</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">separate from PowerHouse Web and the PowerHouse dictionary. Maintaining the username and</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">password list is done outside of PowerHouse Web.</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">By requiring a password to access the PHCGI, you can ensure that only known users can access</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">PowerHouse Web applications. However, most applications have some pages that you want to</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">protect, and some that can be open to public view. In this case, you use two copies of the PHCGI,</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">one as a protected resource requiring authentication to access and the other unprotected. Once</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">you have both protected and unprotected copies of the PHCGI, you still need to control access at</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">the page level. Controlling page access is required because you can't prevent someone from typing</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">a URL pointing to the unprotected PHCGI using a page that is supposed to be protected.</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">PowerHouse Web can use the authenticated username to control access to the page. In addition,</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">the username can be used to control access to items and records through application security</FONT>
<BR><FONT SIZE=2 FACE="SabonLTStd-Roman">specified in the dictionary.</FONT>
</P>
<BR>
<BR>
</BODY>
</HTML>