nv-l
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[nv-l] Extern link with no security

2005-08-30 10:23:09
Subject: [nv-l] Extern link with no security
From: Claus Nielsen <cne AT dmdata DOT dk>
To: nv-l AT lists.tivoli DOT com
Date: Tue, 30 Aug 2005 16:01:37 +0200 
Hello

I've created a link in the right click menu, so we can view details of an 
endpoint in the browser.
It all works, but my problem is too high security (If there is such a 
thing) :)

The link is added in my actions.xml file as:
--------------------------------------------------------
    <Action id="ExternLink" securityConstraint="RelaxedAccess" 
roles="Administrator,Operator,SuperUser,User">
      <Name>Show In Broser</Name>
      <!--  this doesn't have to match id   -->
      <Mnemonic>M</Mnemonic>
      <ShortDescription>Open device in Browser</ShortDescription>
      <LongDescription>Open device in Browser</LongDescription>
      <!-- <SelectionRule minSelected="1" expr="isNode OR isInterface" /> 
-->
      <ActionHandler name="LaunchServerAppHandler" output="html">
        <Method>
 
<MethodName>com.tivoli.netview.client.NetViewApplet.launchServerApp</MethodName>
          <ArgList>
            <Val>
              <Array>
                <!--  first Val acts as a key - can be anything. Must be 
unique among all   -->
                <!--  ActionHandlers named LaunchServerAppHandler in all 
Actions XML files  -->
                <Val>DMkey9</Val>
                <!--  Second val must be fully-qualified pathname of 
executable -->
                <Val>/usr/OV/www/wwwroot/Link</Val>
                <Var>OVwSelections</Var>
              </Array>
            </Val>
          </ArgList>
        </Method>
      </ActionHandler>
    </Action>
--------------------------------------------------------

My problem is the location of the method launchServerApp, which is located 
in /netview/launcServerApp on the Jetty http server.
When a browser is pointing to that page, users have to enter username and 
password, as they would in the Web Console.

This is something I would like to work around, since I don't see a 
security hole in pointing to a web page.

Is it possible to create a clone or something of launchServerApp, and 
place it i.e. in the root of the http server, since no authorisation is 
required there?
If not, what are the security involvements of removing security from the 
/netview/ library, if possible?

Please ask me if this is insufficient knowlegde, to answer my question!
Thanks!

Best regards / Med venlig hilsen

Claus Nielsen
System Management Specialist
**************************************
IBM
Bytoften 1, DK-8240 Risskov, Denmark
e-mail: cne AT dk.ibm DOT com
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [nv-l] Extern link with no security, Claus Nielsen <=
Previous by Date:  Re: [nv-l] Database support on Linux for SNMP data collection for Historical reporting, James Shanks
Next by Date:  [nv-l] NetView Error, Adya, Vinit
Previous by Thread:  [nv-l] Netview 7.1.4 FixPack's, Gerardo Ruiz Garcia
Next by Thread:  [nv-l] NetView Error, Adya, Vinit
Indexes:  [Date] [Thread] [Top] [All Lists]