Powerhouse Web user authentication

Smith, Vaughn EDUC:EX Vaughn.Smith at gov.bc.ca
Thu Apr 24 14:54:23 CDT 2008 

We have PH Web running on an Alpha OpenVMS. The documentation says
that user authentication is handled by handled outside of PH and the
dictionary.
Can the authentication reference the OpenVMS user authorization file or
does
it need to be something else entirely?
Thanks!
Vaughn Smith
Senior Business Analyst
Information & Technology Management Branch
Ministry of Advanced Education
___________________________________________
email: Vaughn.Smith at gov.bc.ca
phone: 250.387.8907
fax: 250.356.0033
>From the Cognos PH Web documentation:

Authentication and Access Control
To restrict access to known users, some Web servers allow you to specify
that a username and
password must be entered before a specific folder or file is accessed.
Authentication is the process of prompting for and verifying the
username and password. Access
control ensures that resources such as folders and files are only
accessible to authenticated users.
Refer to your Web server documentation to find out how to set up
authentication and access
control for your Web server. Note that the username and password list
used for authentication is
separate from PowerHouse Web and the PowerHouse dictionary. Maintaining
the username and
password list is done outside of PowerHouse Web.
By requiring a password to access the PHCGI, you can ensure that only
known users can access
PowerHouse Web applications. However, most applications have some pages
that you want to
protect, and some that can be open to public view. In this case, you use
two copies of the PHCGI,
one as a protected resource requiring authentication to access and the
other unprotected. Once
you have both protected and unprotected copies of the PHCGI, you still
need to control access at
the page level. Controlling page access is required because you can't
prevent someone from typing
a URL pointing to the unprotected PHCGI using a page that is supposed to
be protected.
PowerHouse Web can use the authenticated username to control access to
the page. In addition,
the username can be used to control access to items and records through
application security
specified in the dictionary.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sowder.com/pipermail/powerh-l/attachments/20080424/af4fdb4c/attachment.html

More information about the powerh-l mailing list