How to verify a user password in RPG (Verifying Password in RPG)?
Some applications assign users a program execution level, but a higher level sometimes requires an additional password check. Where should that password come from?
This deserves careful thought: poor design here creates a security hole in the system, so it must not be taken lightly.
Many applications need to confirm that a user is authorized to perform certain actions, for example approving a request, or need someone with the proper authority to
approve before subsequent processing can continue.
There are several ways to do this:
1. The application maintains its own user passwords, i.e. the authorization password is managed separately from the SignOn (system) password. Users then have to
remember two passwords, which is very inconvenient; the two are often confused, user passwords are exposed, and the result is a security blind spot.
2. The application authorization password is kept in sync with the SignOn system password. This is the best approach: the user only needs to remember the SignOn
system password. It can be done in two ways:
2.1 Use the system value QPWDVLDPGM to register a password validation program that stores the user's password in the application's authorization password file.
This approach likewise exposes user passwords and creates a security blind spot.
2.2 The best way is to use the system SignOn password itself as the application authorization password and verify it through a system API only at the moment an
authorization check is needed. The password stays entirely under the control of the operating system, which protects both the application's authorization settings and
overall system security; after all, password management is not what a typical application is good at.
Below is a sample of using the system SignOn password as the application authorization password check.
File : QDDSSRC
Member: SECURITYD
Type : DSPF
     A                                      DSPSIZ(24 80 *DS3)
     A                                      PRINT
     A                                      CA03(03 'EXIT')
     A                                      CA12(12 'RETURN')
     A*
     A          R VRYSECR
     A                                      OVERLAY
     A                                  1 31'VERIFY USER PASSWORD'
     A                                      DSPATR(HI)
     A                                  1 72DATE
     A                                      EDTWRD('0 /  /  ')
     A                                      COLOR(BLU)
     A                                  2 72SYSNAME
     A                                      COLOR(BLU)
     A                                 12 37'USER PROFILE :'
     A            USR           10   B 12 52
     A                                 13 37'USER PASSWORD:'
     A            PASWRD        10   B 13 52DSPATR(ND)
     A*
     A          R ROOT
     A                                 23  2'F3=EXIT F12=RETURN'
     A                                      COLOR(BLU)
     A            MSG           74   O 24  2
File : QRPGLESRC
Member: SECURITY
Type : RPGLE
      * ===================================================================
      * = Service Program... Security                                     =
      * = Description....... Security routines                            =
      * =                                                                 =
      * = Compile........... CrtRPGMod Module(YourLib/Security)           =
      * =                              SrcFile(YourLib/YourSrcFile)       =
      * =                    CrtSrvPgm SrvPgm(YourLib/Security)           =
      * =                              Export(*All)                       =
      * ===================================================================
     H NoMain
      * ===================================================================
      * = Prototypes                                                      =
      * ===================================================================
      * -------------------------------------------------------------------
      * - VfyUsrPwd - Verify user password                                -
      * -------------------------------------------------------------------
     D VfyUsrPwd       PR             1N
     D                               10    Value
     D                               10    Value
     D                              272    Options( *NoPass )
      * -------------------------------------------------------------------
      * - GetProfileHdl - Get profile handle API                          -
      * -------------------------------------------------------------------
     D GetProfileHdl   PR                  ExtPgm( 'QSYGETPH' )
     D                               10
     D                               10
     D                               12
     D                              272
      * -------------------------------------------------------------------
      * - RlsProfileHdl - Release profile handle API                      -
      * -------------------------------------------------------------------
     D RlsProfileHdl   PR                  ExtPgm( 'QSYRLSPH' )
     D                               12
     D                              272
      * ===================================================================
      * = Procedure..... VfyUsrPwd                                        =
      * = Description... Verify user password                             =
      * ===================================================================
     P VfyUsrPwd       B                   Export
     D                 PI             1N
     D  UsrPrf                       10    Value
     D  Password                     10    Value
     D  APIError                    272    Options( *NoPass )
      * -------------------------------------------------------------------
      * - Data definitions                                                -
      * -------------------------------------------------------------------
     D Hdl             S             12
     D NoAPIError      C                   Const( *Zero )
     D APIErrorPassed  S              1N
     D APIErrorDS      DS
     D  BytesProvided                10I 0 Inz( %Size( APIErrorDS ) )
     D  BytesAvail                   10I 0 Inz( *Zero )
     D  MsgID                         7    Inz( *Blanks )
     D  Reserved                      1    Inz( X'00' )
     D  MsgDta                      256    Inz( *Blanks )
      * -------------------------------------------------------------------
      * - Determine whether API error parameter was passed                -
      * -------------------------------------------------------------------
     C                   If        %Parms > 2
     C                   Eval      APIErrorPassed = *On
     C                   EndIf
      * -------------------------------------------------------------------
      * - Retrieve profile handle                                         -
      * -------------------------------------------------------------------
     C                   Reset                   APIErrorDS
     C                   CallP     GetProfileHdl(
     C                               UsrPrf :
     C                               Password :
     C                               Hdl :
     C                               APIErrorDS
     C                             )
     C                   If        BytesAvail <> NoAPIError
     C                   ExSr      ReturnError
     C                   EndIf
      * -------------------------------------------------------------------
      * - Release profile handle                                          -
      * -------------------------------------------------------------------
     C                   Reset                   APIErrorDS
     C                   CallP     RlsProfileHdl(
     C                               Hdl :
     C                               APIErrorDS
     C                             )
     C                   If        BytesAvail <> NoAPIError
     C                   ExSr      ReturnError
     C                   EndIf
     C                   Return    *Off
      * -------------------------------------------------------------------
      * - Subroutine.... ReturnError                                      -
      * - Description... Return error condition to caller                 -
      * -------------------------------------------------------------------
     C     ReturnError   BegSr
     C                   If        APIErrorPassed
     C                   Eval      APIError = APIErrorDS
     C                   EndIf
     C                   Return    *On
     C                   EndSr
     P VfyUsrPwd       E
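The success test in VfyUsrPwd is `BytesAvail <> NoAPIError` on the API error structure (format ERRC0100) that APIErrorDS maps. The following Python model is added here and is not part of the original post: it packs and decodes that 272-byte structure exactly as the D-specs lay it out (big-endian integers, EBCDIC text) so the decision logic can be exercised offline; the message ID and replacement data in the failure sample are constructed placeholders, not captured output.

```python
import struct

# Layout of the 272-byte API error structure (format ERRC0100) that the page's
# APIErrorDS maps: BytesProvided 10I 0, BytesAvail 10I 0, MsgID 7, Reserved 1,
# MsgDta 256. IBM i integers are big-endian and text fields are EBCDIC.
ERRC0100 = struct.Struct(">ii7s1s256s")
ERRC0100_SIZE = ERRC0100.size          # 272, the value passed as BytesProvided
EBCDIC = "cp037"                       # CCSID 37, a common IBM i EBCDIC code page


def init_errc0100(bytes_provided: int = ERRC0100_SIZE) -> bytes:
    """Structure as Inz()/Reset leave it before QSYGETPH or QSYRLSPH is called.

    BytesProvided tells the API how much room it may fill; with 0 the API would
    signal an escape message instead of returning the error in the structure.
    """
    blank = " ".encode(EBCDIC)
    return ERRC0100.pack(bytes_provided, 0, blank * 7, b"\x00", blank * 256)


def check_errc0100(buf: bytes) -> tuple[bool, str, str]:
    """The service program's test after each API call: BytesAvail <> 0 means
    the call failed. Returns (succeeded, message_id, message_data)."""
    if len(buf) != ERRC0100_SIZE:
        raise ValueError(f"expected {ERRC0100_SIZE}-byte ERRC0100, got {len(buf)}")
    _provided, avail, msgid, _reserved, msgdta = ERRC0100.unpack(buf)
    if avail == 0:
        return True, "", ""
    # Only the first BytesAvail bytes were written by the API; 16 of them are
    # the header, the remainder is message replacement data.
    data_len = max(0, min(avail - 16, len(msgdta)))
    return (False,
            msgid.decode(EBCDIC).strip(),
            msgdta[:data_len].decode(EBCDIC).strip())


def sample_failed_call() -> bytes:
    """Constructed example of what a failed QSYGETPH leaves in the structure.
    CPFSAMP is a placeholder message ID and SOMEUSER placeholder replacement
    data; the real IDs are listed in the API documentation cited below."""
    blank = " ".encode(EBCDIC)
    msgid = "CPFSAMP".encode(EBCDIC)
    data = "SOMEUSER".encode(EBCDIC)
    return ERRC0100.pack(ERRC0100_SIZE, 16 + len(data), msgid, b"\x00",
                         data + blank * (256 - len(data)))
```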
File : QRPGLESRC
Member: SECURITYR
Type : RPGLE
      * ===================================================================
      * = Program....... SecurityR                                        =
      * = Description... Sample demonstrating use of procedure            =
      * =                VfyUsrPwd in applications                        =
      * =                                                                 =
      * = Compile....... CrtRPGMod Module(YourLib/SecurityR)              =
      * =                          SrcFile(YourLib/YourSrcFile)           =
      * =                CrtPgm Pgm(YourLib/SecurityR)                    =
      * =                       BndSrvPgm(YourLib/Security)               =
      * =                       ActGrp(*New)                              =
      * ===================================================================
     H DEBUG OPTION(*SRCSTMT:*NODEBUGIO)
     FSECURITYD CF   E             WorkStn
     D VfyUsrPwd       PR             1N
     D                               10    Value
     D                               10    Value
     D                              272    Options( *NoPass )
     D UsrPrf          S             10
     D Password        S             10
     D RtnCode         S              1N
     D APIErrorDS      DS
     D  BytesProvided                10I 0 Inz( %Size( APIErrorDS ) )
     D  BytesAvail                   10I 0 Inz( *Zero )
     D  MsgID                         7    Inz( *Blanks )
     D  Reserved                      1    Inz( X'00' )
     D  MsgDta                      256    Inz( *Blanks )
     C                   DoU       *In03 or *In12
     C                   Write     ROOT
     C                   Reset                   PASWRD
     C                   ExFmt     VRYSECR
     C                   If        *In03 or *In12
     C                   Leave
     C                   EndIf
     C                   Eval      UsrPrf = USR
     C                   Eval      Password = PASWRD
      * method 1
     C                   Eval      RtnCode = VfyUsrPwd(
     C                               UsrPrf :
     C                               Password
     C                             )
     C     USRPRF        DSPLY                   RtnCode
      * method 2
     C                   Eval      RtnCode = VfyUsrPwd(
     C                               UsrPrf :
     C                               Password :
     C                               APIErrorDS
     C                             )
     C     USRPRF        DSPLY                   RtnCode
     C                   If        RtnCode
     C                   Eval      MSG = 'Invalid user or password.'
     C                   Else
     C                   Eval      MSG = 'User ' + %Trim(USRPRF) +
     C                               ' Password verified OK.'
     C                   EndIf
      * method 3
     C                   If        VfyUsrPwd(
     C                               UsrPrf :
     C                               Password :
     C                               APIErrorDS
     C                             )
      * Insert error handling code for failed verification
     C     USRPRF        DSPLY                   RtnCode
     C                   EndIf
     C                   EndDo
     C                   Eval      *InLr = *On
Usage:
CALL SECURITYR
Enter USER and PASSWORD (the password field is defined as non-display, but input is still accepted).
References
Get Profile Handle (QSYGETPH)
http://publib.boulder.ibm.com/pubs/html/as400/v5r1/ic2924/index.htm?info/apis/QSYGETPH.htm
Release Profile Handle (QSYRLSPH)
http://publib.boulder.ibm.com/pubs/html/as400/v5r1/ic2924/index.htm?info/apis/QSYRLSPH.htm
Wednesday, November 01, 2023
2002-04-09 How to verify a user password in RPG (Verifying Password in RPG)?