Security Management Guide (G06.24+, H06.03+)
Security Management Guide—522283-008
6 Concerns for the Application Programmer
An application programmer creates application programs, customized to an
organization’s environment and business needs. The programmer must make the
application secure. This section describes features available to you for creating secure
applications.
Authentication
In a NonStop system environment, you can authenticate a user in two ways:
• The application can rely on users having standard user IDs, verified through a
  TACL logon, a Safeguard logon, or by a call by the application to the
  USER_AUTHENTICATE_ procedure. These user IDs must be created through the
  ADDUSER program or the SAFECOM ADD USER command.
• The application can provide its own means of identifying users and a logon
  procedure developed specifically for the application. These user IDs need not
  resemble the standard user IDs in either form or function.
Authentication User IDs
When you use standard user IDs, many Guardian and Safeguard tools are available
for selected access and auditing operations. In addition, you can use user aliases,
which the Safeguard software supports.
If your application relies on standard user IDs or user aliases, the user of your
application must complete the TACL or Safeguard logon operation to access your
application, or your application must perform a USER_AUTHENTICATE_ system
procedure call.
If the Safeguard software is running on the system, the application can also take
advantage of an authentication feature known as a security event exit. A security
event-exit process is a user-written process that is allowed to participate in security
policy enforcement. Depending on how it is configured, the Safeguard software can
pass to the event-exit process all requests for object access authorization, user
authentication, and password quality verification. The event-exit process rules on these
requests, and the Safeguard software enforces the rulings. For more information
regarding an event-exit process, see the Safeguard Reference Manual.
After logging on, the user can be required to enter a command to invoke your
application, or you can specify automatic execution of your application.