iTP Active Transaction Pages (iTP ATP) Programmer's Guide (522292-002)

SQL Query Tool and Catalog Explorer

Security
In the default configuration, ATP applications execute under the same NonStop Kernel
user ID as the iTP Secure WebServer. This level of security is generally acceptable for
applications in which access to Compaq resources, such as Pathway servers and
NonStop SQL databases, is defined on the web page. In the iTP Secure WebServer
environment, web pages can be stored and configured only by users who have
appropriate permission, just as only certain users are permitted to put a program into
production.

Tools that permit a browser user to enter NonStop SQL statements present a greater
security concern. By default, the browser user would have the same NonStop SQL
privileges as the person under whose user ID the iTP WebServer is running. In addition,
access to the NonStop Query Tool and Catalog Explorer is password-protected using a
default username of sql and password of sql. You should change these default values
by using the useradm utility included with the iTP Secure WebServer. For details, see
the iTP Secure WebServer System Administrator’s Guide, which describes administering
passwords using the useradm utility.

To provide additional security, see the following subsections:

The .atp_sql_query Filename Extension
Read-Only Access

The .atp_sql_query Filename Extension

To provide for a more flexible and secure environment, you can define a filename
extension other than .atp for use with the NonStop SQL Query Tool and Catalog
Explorer. For example, you could use the extension .atp_sql_query. This
differentiation allows requests for SQL tools to be processed in a different PATHMON
environment (under a different user ID).

Routing of requests, by file extension, to a specific PATHMON environment is specified
by the PathwayMimeMap directive in the atp.config file. In the following
example, requests for pages that have the extension .atp are assigned to the atp
server class in the iTP Secure WebServer PATHMON environment defined by the
httpd.config file that includes atp.config. Requests for pages that have the
extension .atp_sql_query are assigned to the atp server class in the environment
of PATHMON process $DJCP. To implement a configuration like this, your
atp.config file must also include a map define for the PATHMON name you will
use in the PathwayMimeMap directive.

# Requests for 'standard' Server-JavaScript pages...
MimeType application/x-httpd-guardian atp
PathwayMimeMap atp atp
# Requests for SQL query pages...
MimeType application/x-httpd-guardian atp_sql_query
PathwayMimeMap atp_sql_query /G/DJCP:atp
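
The following check is an added example, not part of the guide or of iTP ATP: it reads PathwayMimeMap lines and reports whether the SQL tool extension is routed to a PATHMON environment separate from the one serving .atp pages. It assumes only the two target forms shown above (a bare server class, or /G/<pathmon>:<serverclass>); the function names and sample configurations are constructed for illustration, and it does not verify the map define or the user ID of the other PATHMON.

```python
import re

# Constructed sample configs (not from a real system). WEAK routes the SQL tool
# extension to the web server's own PATHMON; SEPARATED follows the guide's example.
WEAK = """\
MimeType application/x-httpd-guardian atp
PathwayMimeMap atp atp
MimeType application/x-httpd-guardian atp_sql_query
PathwayMimeMap atp_sql_query atp
"""
SEPARATED = """\
MimeType application/x-httpd-guardian atp
PathwayMimeMap atp atp
# Requests for SQL query pages...
MimeType application/x-httpd-guardian atp_sql_query
PathwayMimeMap atp_sql_query /G/DJCP:atp
"""

# Assumed target forms: "serverclass" or "/G/<pathmon>:serverclass".
TARGET = re.compile(r"^(?:/G/(?P<pathmon>[^:]+):)?(?P<serverclass>\S+)$")

def parse_routes(config_text):
    """Return {extension: (pathmon or None, serverclass)} from PathwayMimeMap lines."""
    routes = {}
    for raw in config_text.splitlines():
        fields = raw.split()  # comment lines never start with the directive name
        if len(fields) == 3 and fields[0] == "PathwayMimeMap":
            m = TARGET.match(fields[2])
            if m:
                routes[fields[1]] = (m.group("pathmon"), m.group("serverclass"))
    return routes

def audit(config_text, general_ext="atp", sql_ext="atp_sql_query"):
    """List findings about how the SQL tool extension is routed (empty list = ok)."""
    routes = parse_routes(config_text)
    if sql_ext not in routes:
        return [f"no PathwayMimeMap for .{sql_ext}; SQL tools are not routed separately"]
    findings = []
    if routes[sql_ext][0] is None:
        findings.append(f".{sql_ext} runs in the web server's own PATHMON environment")
    elif general_ext in routes and routes[general_ext][0] == routes[sql_ext][0]:
        findings.append(f".{sql_ext} shares a PATHMON environment with .{general_ext}")
    return findings

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("SEPARATED", SEPARATED)):
        print(name, audit(text) or "ok")
```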