Security Management Guide (G06.24+, H06.03+)
Concerns for the Application Programmer
Security Management Guide—522283-008
Application-Specific User IDs
If you choose not to use standard user IDs, your application can use application-specific user IDs.
Because the Guardian environment does not manage or interpret these user IDs, you 
have the full flexibility to design the syntax and semantics within your application. Thus, 
you can make the application’s security as simple or as powerful as you need. 
However, you lose the support provided by Guardian and Safeguard tools, such as 
distinct IDs on a TACL STATUS command, auditing of user actions, and so on. This 
condition can make security management much more difficult.
HP PS MAIL illustrates the use of independent user IDs. Each user is assigned a 
correspondent name, which typically reflects the real name of the user.
PS MAIL maintains an independent database of correspondent names and their 
associated passwords. When a user first invokes PS MAIL, the user must enter their 
correspondent name and associated password.
PS MAIL has its own tools to update, query, and maintain the database of 
correspondent names. These tools are independent of standard Guardian tools such 
as the ADDUSER and USERS utilities.
Name Selection
The Guardian environment does not restrict the syntax of the names for your 
application-specific user IDs. It treats these names merely as data and attaches no 
special significance to them.
Creating and Maintaining the Name Database
After you create the syntax of the names, you need to develop tools to create and 
maintain a database that contains those names, along with information to be 
associated with each name. For example, you need a way to authenticate the user 
(such as a password). Other relevant information can also be stored in the database, 
such as the hours of allowed access (if access needs to be restricted on an individual 
basis), additional privileges (such as allowing a user to enter a maintenance screen or 
update the name database), or administrative information (such as the user’s full name 
or phone extension).
Because the name database contains sensitive information, take special care to 
secure this database. Access to this database means that one user can impersonate 
another with respect to the application. For example, in PS MAIL, access to the 
database containing the correspondent names allows a user to read another user’s 
mail or even send mail as the other user.
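The following sketch of such a name database is an added example, not code from this guide or from PS MAIL. It is written in Python for illustration, and the record layout, the privilege name, the sample names, and the choice to store a salted PBKDF2 hash instead of the password are all assumptions.

```python
import hashlib, hmac, os
from dataclasses import dataclass
from datetime import time

ITERATIONS = 600_000          # PBKDF2 work factor (assumed; tune for your hardware)
_DUMMY_SALT = os.urandom(16)  # lets unknown names cost the same as known ones

@dataclass(frozen=True)
class NameRecord:
    """One entry in the application's name database (hypothetical layout)."""
    name: str
    salt: bytes
    pw_hash: bytes                       # salted hash, never the password itself
    allowed_from: time = time(0, 0)      # hours of allowed access
    allowed_to: time = time(23, 59, 59)
    privileges: frozenset = frozenset()  # e.g. {"UPDATE-NAMES"} (made-up name)
    full_name: str = ""                  # administrative information

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(name: str, password: str, **info) -> NameRecord:
    salt = os.urandom(16)
    return NameRecord(name, salt, _derive(password, salt), **info)

def _within_hours(rec: NameRecord, now: time) -> bool:
    if rec.allowed_from <= rec.allowed_to:
        return rec.allowed_from <= now <= rec.allowed_to
    return now >= rec.allowed_from or now <= rec.allowed_to  # window spans midnight

def authenticate(db: dict, name: str, password: str, now: time):
    """Return the NameRecord on success, None on any failure."""
    rec = db.get(name)
    candidate = _derive(password, rec.salt if rec else _DUMMY_SALT)  # always do the work
    if rec is None or not hmac.compare_digest(candidate, rec.pw_hash):
        return None
    return rec if _within_hours(rec, now) else None

def may(rec: NameRecord, privilege: str) -> bool:
    return privilege in rec.privileges

# Constructed sample database, keyed by application-specific name.
SAMPLE_DB = {
    "JANE.DOE": make_record("JANE.DOE", "correct horse", full_name="Jane Doe",
                            allowed_from=time(8, 0), allowed_to=time(18, 0),
                            privileges=frozenset({"UPDATE-NAMES"})),
    "NIGHT.OPS": make_record("NIGHT.OPS", "battery staple",
                             allowed_from=time(22, 0), allowed_to=time(6, 0)),
}
```

Hashing limits what read access to the database reveals, but anyone who can write to it can still replace a record and impersonate that user, so the database file itself needs restrictive access controls.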










