The function that is called by OECGI.EXE before it calls any Internet procedure specified in the HTTP-request.
Note: OpenInsight ships with the source code of this function, as a stored procedure in SYSPROG.
return = Inet_Security (Request, InetProcName)
The Inet_Security function has the following parameters:
Parameters | Description |
---|---|
Request | [in] HTTP-request |
InetProcName | [in] Name of Internet procedure that is about to be called |
An empty string to allow the call or valid HTML script with an error message; this message is immediately passed back to the client.
Inet_Msg(), Inet_QueryParam(), Inet_Repos(), Inet_Rlist(), Inet_Trace()
To restrict running Inet_ procedures to the SALES user, do the following:
function INET_Security(Request, FnName) ************************************************************************** * Project : OpenInsight for Internet * * Name : INET_Security * Description: Security check point for a request * * Parameters: * Request [in/out] -- HTTP request (see INET_EQUATES) * FnName [in/out] -- name of a function that is * about to be executed (starts with * INET_) * returns [out] -- emty string to allow request or * message in html format to stop the * request * and pass it back to a client * * Note: * Parameters "Request" and "Function" are passed by * reference which makes it possible to change the function * name and/or request parameters on a fly by intelligent * security procedure *************************************************************************** $insert Logical $insert Inet_Equates declare subroutine Send_Event HtmlMessage = '' ;* assume success * put your authorization check code here * if @username <> 'SALES' then HTMLMessage = "<B>You are not authorized to run " : FnName end else HtmlMessage = '' end * if authorization failed -- log the failure if len(HtmlMessage) then Send_Event(GS_MONITOR$, 'OMNIEVENT', 'OUTCOMING', 'Authorization failed') end return HtmlMessage After you compile the changed program, only the SALES user can run Internet procedures. |