Re: [U2] Web services

2009-06-05 Thread Ross Ferris
Not using WebDE, but 2 things we have done in the past are simple IP
checking (only allowing access from specific/authorized IP addresses),
and also (AND or OR) locking access to specific machines using a
hash of some machine attributes (typically Mac ID, Disk ID & such --
but we have the advantage of having an ActiveX that grabs & encodes this
for us)

Whilst not quite the same as the money market, we have clients that
operate with other liquid assets (Beer, Wine & Spirits) and some of the
information is extremely sensitive in the market, so needed to ensure
that if an employee left, no data went with them or was accessible
remotely!

Ross Ferris
Stamina Software
Visage  Better by Design!

-Original Message-
From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-
boun...@listserver.u2ug.org] On Behalf Of David Jordan
Sent: Friday, 5 June 2009 12:40 AM
To: U2 Users List
Subject: Re: [U2] Web services

I am trying to work out how to identify who the person is that is
consuming a web service using the U2 web services developer.  I know
techniques to do it in .Net.

How do I ensure that a person is authorized to consume that service?

What approaches have others taken to tackle this?

Regards

David Jordan
___
U2-Users mailing list
U2-Users@listserver.u2ug.org
http://listserver.u2ug.org/mailman/listinfo/u2-users
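
The two checks described in the reply above (an IP allow-list and a hash of machine attributes, combined with AND or OR), sketched as an added example that is not part of the original thread or of any U2 product. The networks, the key, the enrolled machine and all function names are constructed assumptions; the server is assumed to receive the client's address and a token derived from its MAC ID and disk ID.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample policy: networks, key and enrolled machine are illustrative.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.7/32")]
SERVER_KEY = b"constructed-demo-key"  # assumed to be a secret held only by the server


def machine_token(mac_id: str, disk_id: str) -> str:
    """Keyed hash (HMAC-SHA256) of normalised machine attributes."""
    mac = mac_id.strip().replace("-", ":").lower()
    material = "|".join((mac, disk_id.strip().upper())).encode()
    return hmac.new(SERVER_KEY, material, hashlib.sha256).hexdigest()


# Tokens of machines enrolled for access (constructed values).
ENROLLED = {machine_token("00:1A:2B:3C:4D:5E", "WD-1234ABCD")}


def ip_allowed(client_ip: str) -> bool:
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # a malformed address is treated as not authorized
    return any(addr in net for net in ALLOWED_NETS)


def machine_allowed(token: str) -> bool:
    # Compare as bytes in constant time against every enrolled token.
    supplied = token.encode("utf-8", "replace")
    return any(hmac.compare_digest(supplied, known.encode()) for known in ENROLLED)


def authorize(client_ip: str, token: str, mode: str = "and") -> bool:
    """mode 'and' requires both checks to pass; 'or' accepts either one."""
    checks = (ip_allowed(client_ip), machine_allowed(token))
    if mode == "and":
        return all(checks)
    if mode == "or":
        return any(checks)
    raise ValueError("mode must be 'and' or 'or'")
```

Removing a departed employee's machine from `ENROLLED` or their address from `ALLOWED_NETS` revokes access without touching the service itself.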


Re: [U2] Web services

2009-06-05 Thread Hona, David
In general, you want web services to stick to what they do best and handle 
custom/specific security requirement/issues outside of them. Such an approach 
could include installing a proxy server or firewall (hardware or software) 
between the web service server and the web services consumers.

Bear in mind that rarely can you have your cake and eat it when it comes 
to robust security solutions. Generally - it's *all* or nothing. Otherwise, you 
introduce exceptions and workarounds that ultimately defeat the original 
intent...plus break your existing application. :)

This is not a U2 Web Services specific issue, but impacts similar such products 
and middleware as well. Some have built-in security like ACLs or IP-address 
restrictions at the service/provider and/or queue-level. 

Regards,
David

-Original Message-
From: u2-users-boun...@listserver.u2ug.org 
[mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of David Jordan
Sent: Friday, 5 June 2009 2:50 PM
To: U2 Users List
Subject: Re: [U2] Web services


The Web Services Developer is very quick and easy to set up a service talking 
to a Basic Subroutine.  The only issue I have is the authorisation and why in 
the past I have used .Net.

I was trying to work out whether PAM/LDAP could be used as it is available with 
UniVerse 10.3, but there is little documentation.

Regards

David Jordan


Re: [U2] Personal Edition Modulo Limits

2009-06-05 Thread Rex Gozar
I guess I don't understand your dilemma... you previously did a uvbackup 
of your account(s), then moved it to your dev machine and did a 
uvrestore.  All I'm suggesting is that you use zip/unzip instead of 
uvbackup/uvrestore.


What do you mean by "How do I get those accounts...into universe?"  The 
accounts and files are already in universe -- moving it to a different 
machine doesn't change that (unless you switch between intel and 
non-intel processors).


rex

Stephen Prater wrote:
How do I get those accounts / files into universe on the dev machine?  
ACCOUNT-RESTORE?




Re: [U2] Personal Edition Modulo Limits

2009-06-05 Thread Stephen Prater
No, I just don't understand Universe, or you might have underestimated  
the depths of my newbieness.


Do I have to do anything to get Universe to recognize those accounts  
in addition to unzipping them into a directory?  Do I need to do  
something with UV.ACCOUNT?  Or can I just unzip them into the  
directory and then make with the LOGTO?


stephen

On Jun 5, 2009, at 12:12 PM, Rex Gozar wrote:

I guess I don't understand your dilemma... you previously did a  
uvbackup of your account(s), then moved it to your dev machine and  
did a uvrestore.  All I'm suggesting is that you use zip/unzip  
instead of uvbackup/uvrestore.


What do you mean by "How do I get those accounts...into universe?"   
The accounts and files are already in universe -- moving it to a  
different machine doesn't change that (unless you switch between  
intel and non-intel processors).


rex

Stephen Prater wrote:
How do I get those accounts / files into universe on the dev  
machine?  ACCOUNT-RESTORE?




[U2] Tracing UV system calls, linux

2009-06-05 Thread John Hester
Does anyone know of a way to trace system calls made by UV as a non-root
user?  Here's the problem we have:

UV on RH ES 5.1 joined to a W2K3 native mode AD domain.  We have an AD
issue that causes UV to either fail to execute, or die before the user
can enter the environment.  This doesn't happen to all users, and
appears to be random, but affects more users over time.  Usually a user
can get into UV eventually after repeated attempts.  Once they're logged
in, everything's fine.

The current UV server has been in production for over a year with no AD
issues.  Nothing has changed on the UV server.  Prior to that we ran UV
on RH AS 3.0 joined to the same domain for 3+ years without issue.  We
virtualized one of our domain controllers on VMware ESX in October, and
no issues between then and now.  Kerberos authentication always works.
The user logs in OK at the OS level, but UV will not execute.  I suspect
a user or group permission problem, but at the OS level, all of the
various AD connectivity validation methods work OK (id, wbinfo -i,
wbinfo -u, wbinfo -g, getent passwd, getent group).  The permissions on
the UV directory are rwxrwxr-x, and the group ownership is the AD
domain users group.  I tried adding world write permissions in our
development account, but that didn't help.

When this issue first happened a few weeks ago, rebooting all 3 domain
controllers made the problem disappear for a little over 2 weeks.  When
it recurred, rebooting only the domain controllers didn't work, but
rebooting them along with the UV server got us by for 4 days.  The
Windows admin also fixed an AD replication problem at that time.

RH ES 5.1 doesn't have strace installed.  It has autrace, which is
supposedly similar, but looks like it can only be run as root.  I've
verified that if I run UV as a local user, it will work.  Our web app
server uses a local user ID for UOJ connections, and the UOJ connections
always work.  I need some way to determine at what point the UV
executable is dying to determine which system call is being affected by
AD, and that requires executing it as an AD user.

Another thought I had for a workaround was to change the ownership of
the UV executable to a local /etc/passwd user who has the domain users
group #, and use chmod +s to make uv run as that user.  Does anyone know
if that would cause problems?  Also, would anything break if I copied
the uv executable to something like uv_test so I could try this with a
test login and not affect the entire server?

Thanks,
John



Re: [U2] Personal Edition Modulo Limits

2009-06-05 Thread Rex Gozar

Ok,

Once they are unzipped into a directory, you can set it up in UV.ACCOUNT 
manually (just a record with field 11 containing the path), or you can 
LOGTO the path, e.g.


LOGTO /tmp/SALES.ACCOUNT  (unix - case sensitive)

or

LOGTO C:/temp/sales.account  (windows - not case sensitive)

Once you get into the account, you can start resizing those large files 
over 10007.


rex

Stephen Prater wrote:
No, I just don't understand Universe, or you might have underestimated 
the depths of my newbieness.

