This is true whether the directory contains HTML files, or is a CGI directory containing executable programs.
Since the Toolkit accesses documents via the CGI directory it is the CGI directory that requires security, not the HTML pages. Thus on HTTP Servers that require a number of different levels of access it is often desirable to set up multiple CGI directories containing copies of the HTML Toolkit programs that have different HTTP access control - and can be inididually configured for database access as well.
If you have HTTP access control on your documentation then this makes the log-on username of the client available to the Empress HTML Toolkit. This is available as a CGI variable called REMOTE_USER.
By default the HTML Toolkit looks for HTML pages directly under the DocumentRoot of the HTTP Server. Thus if the URL was:
http://My-bin/ehsql.cgi/a/b/c.html
The Toolkit would look for a document located at:
DocumentRoot/a/b/c.html
The EH_DOC_ROOT resource variable modifies this behaviour. With this variable set, the Toolkit would look for a document located at:
DocumentRoot/EH_DOC_ROOT/a/b/c.html
This has two purposes:
Sub-trees containing Toolkit applications are more readily moved around under the DocumentRoot of the server. (ie if you move the application down an extra directory, you just have to add the change to EH_DOC_ROOT. You do not have to make any changes to the URLs in the application).
It improves security by limiting the area of access for the Toolkit and effectively concealing the documentation location from the client.
There are three possible security scenarios at this point:
If there is no HTTP access control, the HTML Toolkit uses two resources variables to attempt the connection to the Connectivity Server:
If there is HTTP access control and the resource variable IGNORE_REMOTE_USER is set, the HTML Toolkit uses the same two resource variables:
If there is HTTP access control and the resource variable IGNORE_REMOTE_USER is not set, the HTML Toolkit uses REMOTE_USER CGI variable as the username and no password.
If you wish to associate a password with the REMOTE_USER you can set a resource variable in the ehtml.ini file that has a name the same as the value of the REMOTE_USER, and a value that is the password.
Generally, when using HTTP access control it is best to IGNORE_REMOTE_USER and use a general DEFAULT_USER for the given CGI. Because most applications, once accessed would have the same level of access for everyone; and when you required a different level of access you would use a separate CGI. For example, one CGI for read/write access, and a separate CGI for read only access.
The last security level for the system is the database itself. Each account name in the Connectivity server must be granted privileges on the database that is to be accessed. Each account can be granted various levels of access on each table in the database: no access, read only access, read/write access, right through to DBA access. Details of how to set up these privileges are given in the Empress SQL Reference manual.
Each CGI username should be given the minimum access that is needed to run the HTML Toolkit access applications. For example:
Read only application should be only granted SELECT privileges.
Applications that want users to add information to a database should only be granted SELECT and INSERT privileges. They should not be granted UPDATE or DELETE privileges unless you want them to modify records that already exist.
You have two applications: one of which is a read only database, open to all users, the other of which is a read/write application used to administer the tables in the database.
These applications are located under:
DocumentRoot/open/user/accounts DocumentRoot/admin/user/accounts
The toolkit CGI's for these applications are set as ScriptAliases open and empadmin, and the empadmin ScriptAlias is set up to use HTTP server access control. The ehtml.ini files for these two CGI directories would then contain:
ehtml.ini for open
DEFAULT_USER=bert DEFAULT_PASSWORD=berts_password EH_DOC_ROOT=/open/user
ehtml.ini for empadmin
DEFAULT_USER=ernie DEFAULT_PASSWORD=ernies_password EH_DOC_ROOT=/admin/user IGNORE_REMOTE_USER=true
This would cause the open CGI to access the Connectivity Server as bert, and the empadmin CGI to access it as ernie.
These would therefore have to be valid accounts in the Connectivity Server password file.
Since open is a read only CGI the bert account would be granted SELECT privileges on the tables in the database. But. since empadmin is an administration application, the ernie account would be granted ALL privileges on the tables.