Example PH Web sites

Richard Sheehan sheerich at isu.edu
Thu Jun 30 11:20:42 CDT 2005


David,

Yes, there has been quite a bit of discussion, but I did want to mention 
to you that one thing ISU did at one time was, when starting a PHWEB 
session, to open a new page that did not display the URL that has some of 
the session information included in it.

Doing this, combined with server-side techniques, allows ISU to prevent 
someone from hijacking a session and/or accessing applications that one 
should not have access to.

One thing that comes to mind as a need to remember is the stateless 
nature of things.  So at the startup of every PH Web application, we 
check to see if the person has an active session that has not timed out, 
and as necessary, check that security matches that user to that 
particular application or series thereof.

If you want any additional information on this, I'm sure John MacLerran 
would be willing to speak about the concerns we addressed when 
implementing PHWeb.

Richard Sheehan
IT Programmer Analyst
208-282-4427
Student Services, College of Technology
Idaho State University
Pocatello, ID  83209-8380



David Williams wrote:

>Cheers Richard
>
>I guess Calmac has been beaten to death now, and there seem to have been
>OK answers on other sites.
>
>
>David
>
>-----Original Message-----
>From: Richard Sheehan [mailto:sheerich at isu.edu] 
>Sent: 30 June 2005 15:20
>To: David Williams
>Cc: shulbert at littlejohnfrazer.com; powerh-l at lists.sowder.com
>Subject: Re: Example PH Web sites
>
>I may be the one mistaken here.  Maybe someone from Calamac would 
>respond to your post.
>
>It appears that their site is a mix of both ASP and PH_WEB.  As you 
>indicated, once you get to step 2, then you see the phcgi.exe commands.
>
>
>Richard Sheehan
>IT Programmer Analyst
>208-282-4427
>Student Services, College of Technology
>Idaho State University
>Pocatello, ID  83209-8380
>
>
>
>David Williams wrote:
>
>
>>Apologies if I got this wrong. Online booking step2 (after you've
>>entered car type etc) shows outward and return trips. The view source on
>>this gives you hidden PH_HTML PH_APP etc entries, and what I thought was
>>code to go through phcgi.exe for a price check.
>>
>>I've only maintained phweb, not done new apps with it, and am not up on
>>asp. It looked to me as if the surrounds are not PHWEB, but the core
>>database access bits might be? Or perhaps it's just dead code, and I
>>can't recognise that?
>>
>>
>>
>>David
>>
>>-----Original Message-----
>>From:
>>powerh-l-bounces+david_williams=westbury-homes.co.uk at lists.sowder.com
>>[mailto:powerh-l-bounces+david_williams=westbury-homes.co.uk at lists.sowder.com]
>>On Behalf Of Richard Sheehan
>>Sent: 29 June 2005 17:52
>>To: shulbert at littlejohnfrazer.com
>>Cc: powerh-l at lists.sowder.com
>>Subject: Re: Example PH Web sites
>>
>>The online booking portion of the Calamac site appears to be running on
>>ASP.
>>
>><some source>
>>
>> <form name="booking" method="post" action="web100.asp">
>>
>></some source>
>>
>>I did not see any apparent PowerHouse on this site.
>>
>>
>>Richard Sheehan
>>IT Programmer Analyst
>>208-282-4427
>>Student Services, College of Technology
>>Idaho State University
>>Pocatello, ID  83209-8380
>>
>>
>>
>>shulbert at littlejohnfrazer.com wrote:
>>
>>>christina,
>>>very nice sites.
>>>going back to my concerns about security, the third site allows a
>>>guessed/hand-crafted url which apparently gives you access to a search
>>>page.
>>>https://www.azusalw.com/cgi-bin/phcgi.exe?PH_QKC=PHW11&PH_HTML=PHW11w&PH_APP=PHWAZUSA&PH_ACTION=loaddata
>>>i don't have time to play with it fully, but this seems to give limited
>>>access to account information.
>>>the calmac site seemed to have no data returned as urls, everything was
>>>a postback.
>>>perhaps you should suggest this to all your clients as a generally more
>>>secure way of doing things.
>>>regards,
>>>stephen.
>>>
>>>
>>>-----Original Message-----
>>>From:	Christina.Hasse at cognos.com [mailto:Christina.Hasse at cognos.com]
>>>Sent:	Tuesday, June 28, 2005 5:25 AM
>>>To:	robeconsult at sbcglobal.net
>>>Cc:	powerh-l at lists.sowder.com
>>>Subject:	RE: Example PH Web sites
>>>
>>>Hi Blue,
>>>
>>>Some examples include:
>>>
>>>www.beneficialadmin.com - Beneficial Administration. This site has a
>>>demo tour that can be run by clicking on the demo tour link.  Allows
>>>updates.
>>>
>>>http://www.isu.edu/ - Idaho State University.  This site uses PHWeb
>>>extensively for schedules, surveys, ...etc.  Allows updates.
>>>
>>>http://www.azusalw.com/ - Azusa Light and Water.  This site also uses
>>>PHWeb extensively.  It does not allow updates.
>>>
>>>RDI Web has a very extensive PHWeb application called Customer Gateway.
>>>It is only available to its customers, but the contact person Dick Dale
>>>would be more than happy to have a discussion with you concerning what
>>>he has done.  If you would like to contact him, please let me know.
>>>Allows update.
>>>
>>>Cassie Populare has an internal human resource system written using
>>>PHWeb.  Allows updates.
>>>
>>>Washington Trust is in the process of writing a PHWeb internal system.
>>>Allows updates.
>>>
>>>To name a few..........
>>>
>>>Regards,
>>>
>>>Christina Hasse
>>>ADT N.A. Technical Manager
>>>COGNOS CORPORATION
>>>425 North Martingale Road, Suite 600
>>>Schaumburg, IL  60173
>>>christina.hasse at cognos.com
>>>
>>>Office: 847 - 285 - 2905
>>>Cell: 847 - 269 - 1909
>>>Fax: 847 - 240 - 0252
>>>
>>>http://powerhouse.cognos.com
>>>
>>>
>>>-----Original Message-----
>>>From: powerh-l-bounces+christina.hasse=cognos.com at lists.sowder.com
>>>[mailto:powerh-l-bounces+christina.hasse=cognos.com at lists.sowder.com]
>>>On Behalf Of Robert Edis
>>>Sent: Monday, June 27, 2005 7:02 AM
>>>To: PowerHouse List
>>>Subject: Example PH Web sites
>>>
>>>G'day all
>>>
>>>Can anyone point me to some examples of PH Web sites that I can show to
>>>a client please?  I know about the documentation pages on the Cognos
>>>support site but I want something more commercial looking.
>>>
>>>Regards,
>>>
>>>Blue
>>>--
>>>= = = = = = = = = = = = = = = = = = = = = = = = = = = =
>>>Mailing list: powerh-l at lists.sowder.com
>>>Subscribe: "subscribe" in message body to
>>>powerh-l-request at lists.sowder.com
>>>Unsubscribe: "unsubscribe <password>" in message body to
>>>powerh-l-request at lists.sowder.com
>>>http://lists.sowder.com/mailman/listinfo/powerh-l
>>>This list is closed, thus to post to the list you must be a subscriber.
>
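
An added sketch of the check Richard Sheehan describes at the top of this thread, run at the start of every application request (not code from the thread, from ISU, or from PowerHouse). It assumes the session token travels in a cookie rather than the URL; the function names, the entitlement table, the app names and the 15-minute timeout are all constructed for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60  # seconds; assumed policy value

# Server-side state: token -> session record. Nothing here comes from the URL.
SESSIONS = {}
# Assumed entitlement table: user -> PH_APP values that user may start.
ENTITLEMENTS = {"alice": {"APPSCHED", "APPSURVEY"}, "bob": {"APPSCHED"}}


def login(user, now=None):
    """Create a session and return an opaque token to be sent as a cookie."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": user,
                       "last_seen": time.time() if now is None else now}
    return token


def authorize(cookie_token, query, now=None):
    """Gate to run before any application logic.

    `query` is the parsed query string (PH_APP, PH_ACTION, ...). It only says
    what is being asked for; identity comes from the server-side session, so
    a hand-typed URL without a live session is refused.
    """
    now = time.time() if now is None else now
    session = SESSIONS.get(cookie_token or "")
    if session is None:
        return (False, "no-session")
    if now - session["last_seen"] > IDLE_TIMEOUT:
        del SESSIONS[cookie_token]  # an expired session cannot be revived
        return (False, "timed-out")
    app = query.get("PH_APP", "")
    if app not in ENTITLEMENTS.get(session["user"], set()):
        return (False, "not-entitled")
    session["last_seen"] = now  # sliding idle timeout
    return (True, session["user"])
```

Because the web tier is stateless, the gate has to be repeated on every request; a refused request returns a reason that can be logged for review.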

