nv-l
[Top] [All Lists]

[nv-l] Extern link with no security

To: nv-l@lists.tivoli.com
Subject: [nv-l] Extern link with no security
From: Claus Nielsen <cne@dmdata.dk>
Date: Tue, 30 Aug 2005 16:01:37 +0200
Delivery-date: Tue, 30 Aug 2005 15:23:10 +0100
Envelope-to: nv-l-archive@lists.skills-1st.co.uk
Reply-to: nv-l@lists.us.ibm.com
Sender: owner-nv-l@lists.us.ibm.com
Hello

I've created a link in the right click menu, so we can view details of an 
endpoint in the browser.
It all works, but my problem is too high security (If there is such a 
thing) :)

The link is added in my actions.xml file as:
--------------------------------------------------------
    <Action id="ExternLink" securityConstraint="RelaxedAccess" 
roles="Administrator,Operator,SuperUser,User">
      <Name>Show In Broser</Name>
      <!--  this doesn't have to match id   -->
      <Mnemonic>M</Mnemonic>
      <ShortDescription>Open device in Browser</ShortDescription>
      <LongDescription>Open device in Browser</LongDescription>
      <!-- <SelectionRule minSelected="1" expr="isNode OR isInterface" /> 
-->
      <ActionHandler name="LaunchServerAppHandler" output="html">
        <Method>
 
<MethodName>com.tivoli.netview.client.NetViewApplet.launchServerApp</MethodName>
          <ArgList>
            <Val>
              <Array>
                <!--  first Val acts as a key - can be anything. Must be 
unique among all   -->
                <!--  ActionHandlers named LaunchServerAppHandler in all 
Actions XML files  -->
                <Val>DMkey9</Val>
                <!--  Second val must be fully-qualified pathname of 
executable -->
                <Val>/usr/OV/www/wwwroot/Link</Val>
                <Var>OVwSelections</Var>
              </Array>
            </Val>
          </ArgList>
        </Method>
      </ActionHandler>
    </Action>
--------------------------------------------------------

My problem is the location of the method launchServerApp, which is located 
in /netview/launcServerApp on the Jetty http server.
When a browser is pointing to that page, users have to enter username and 
password, as they would in the Web Console.

This is something I would like to work around, since I don't see a 
security hole in pointing to a web page.

Is it possible to create a clone or something of launchServerApp, and 
place it i.e. in the root of the http server, since no authorisation is 
required there?
If not, what are the security involvements of removing security from the 
/netview/ library, if possible?

Please ask me if this is insufficient knowlegde, to answer my question!
Thanks!

Best regards / Med venlig hilsen

Claus Nielsen
System Management Specialist
**************************************
IBM
Bytoften 1, DK-8240 Risskov, Denmark
e-mail: cne@dk.ibm.com

<Prev in Thread] Current Thread [Next in Thread>
  • [nv-l] Extern link with no security, Claus Nielsen <=

Archive operated by Skills 1st Ltd

See also: The NetView Web