Web server account manager plug-in for monitoring resources
    2.
    发明授权
    Web server account manager plug-in for monitoring resources 失效
    用于监视资源的Web服务器帐户管理器插件

    公开(公告)号:US6026440A

    公开(公告)日:2000-02-15

    申请号:US789697

    申请日:1997-01-27

    IPC分类号: H04L12/26

    CPC分类号: H04L43/16

    摘要: An account manager plug-in for a Web server having an application programming interface (API). The plug-in is preferably a computer program product comprising a set of instructions (program code) encoded on a computer-readable substrate. This plug-in includes program code for establishing a set of one or more monitored resources (e.g., UrlCounter, ByteCounter, PageCounter and FailedLoginCounter) and for defining a threshold rule for at least one of the set of monitored resources. As Web transactions occur at the Web server, the account manager is responsive to a monitored resource exceeding a condition of a threshold rule for triggering one of a set of threshold actions. The set of threshold actions, for example, include clearing a record counter, running a given program, sending an e-mail note and disabling or enabling a user account.

    摘要翻译: 具有应用程序编程接口(API)的Web服务器的客户经理插件。 插件优选地是包括编码在计算机可读基板上的一组指令(程序代码)的计算机程序产品。 该插件包括用于建立一组一个或多个被监视资源(例如,UrlCounter,ByteCounter,PageCounter和FailedLoginCounter)的程序代码,以及用于定义该组监视资源中的至少一个的阈值规则。 当Web事务发生在Web服务器上时,帐户管理器响应超过阈值规则条件的监视资源,以触发一组阈值动作。 例如,一组阈值操作包括清除记录计数器,运行给定的程序,发送电子邮件信息和禁用或启用用户帐户。

    Distributed file system web server user authentication with cookies
    3.
    发明授权
    Distributed file system web server user authentication with cookies 失效
    分布式文件系统Web服务器用户身份验证与Cookie

    公开(公告)号:US5875296A

    公开(公告)日:1999-02-23

    申请号:US790041

    申请日:1997-01-28

    摘要: A method of authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment. The distributed computing environment includes a security service for returning a credential to a user authenticated to access the distributed file system. In response to receipt by the Web server of a user id and password from the Web client, a login protocol is executed with the security service. If the user can be authenticated, a credential is stored in a database of credentials associated with authenticated users. The Web server then returns to the Web client a persistent client state object having a unique identifier therein. This object, sometimes referred to as a cookie, is then used to enable the Web client to browse Web documents in the distributed file system. In particular, when the Web client desires to make a subsequest request to the distributed file system, the persistent client state object including the identifier is used in lieu of the user's id and password, which makes the session much more secure. In this operation, the cookie identifier is used as a pointer into the credential storage table, and the credential is then retrieved and used to facilitate multiple file accessess from the distributed file system. At the same time, the Web client may obtain access to Web server (as opposed to distributed file system) documents via conventional user id and password in an HTTP request.

    摘要翻译: 将Web客户端认证到可连接到分布式计算环境的分布式文件系统的Web服务器的方法。 分布式计算环境包括用于将凭证返回给被认证以访问分布式文件系统的用户的安全服务。 响应Web服务器收到来自Web客户端的用户ID和密码,与安全服务一起执行登录协议。 如果可以对用户进行身份验证,凭证将被存储在与经过身份验证的用户相关联的凭据数据库中。 然后,Web服务器向Web客户端返回其中具有唯一标识符的持久客户端状态对象。 此对象有时被称为cookie,然后用于使Web客户端浏览分布式文件系统中的Web文档。 具体地说,当Web客户端希望对分布式文件系统作出次要请求时,使用包括标识符的持久客户端状态对象来代替用户的id和密码,这使得会话更加安全。 在这个操作中,cookie标识符被用作指向证书存储表的指针,然后检索凭证并且用于促进来自分布式文件系统的多个文件访问。 同时,Web客户端可以通过HTTP请求中的常规用户标识和密码获取对Web服务器(而不是分布式文件系统)文档的访问。

    Passing environment variables from an hypertext protocol server application programming interface
    4.
    发明授权
    Passing environment variables from an hypertext protocol server application programming interface 失效
    从超文本协议服务器应用程序编程接口传递环境变量

    公开(公告)号:US06549952B1

    公开(公告)日:2003-04-15

    申请号:US08790040

    申请日:1997-01-28

    IPC分类号: G06F900

    CPC分类号: G06F9/44505 H04L67/02

    摘要: A method of enabling an HTTP server plug-in to pass an unmangled environment variable into a CGI process begins by configuring the HTTP server to initially override a CGI service method. When the server processes an HTTP request, the server plug-in, which is called prior to the CGI service method and is running in a process of the HTTP server, inserts a “name value” pair prepended with a marker in a request header parameter block of the HTTP server. Then, the CGI service override method executes the server's original (i.e. native) CGI service method, causing it to run an encapsulation program in the CGI process. This program scans the environment of the CGI process for any string prepended with a given HTTP code (e.g., the string “HTTP_”) and the marker. If it finds any such string, the program strips the given HTTP code and the marker from a remainder of the string and resets the environment variable into the CGI process in an “unmangled” form. The target CGI program is then executed in the CGI process.

    摘要翻译: 使HTTP服务器插件将未调整环境变量传递到CGI进程的方法首先通过配置HTTP服务器来初始地覆盖CGI服务方法。 当服务器处理HTTP请求时,在CGI服务方法之前调用并在HTTP服务器的进程中运行的服务器插件在请求头参数中插入一个带有标记的“名称值”对 阻止HTTP服务器。 然后,CGI服务覆盖方法执行服务器的原始(即本地)CGI服务方法,使其在CGI进程中运行封装程序。 该程序扫描CGI进程的环境,前提是使用给定的HTTP代码(例如字符串“HTTP_”)和标记。 如果找到任何这样的字符串,程序将从字符串的其余部分中删除给定的HTTP代码和标记,并以“unmangled”形式将环境变量重置为CGI进程。 然后在CGI进程中执行目标CGI程序。

    Method and apparatus for providing persistent fault-tolerant proxy login
to a web-based distributed file service
    5.
    发明授权
    Method and apparatus for providing persistent fault-tolerant proxy login to a web-based distributed file service 失效
    用于向基于Web的分布式文件服务提供持久的容错代理登录的方法和装置

    公开(公告)号:US5974566A

    公开(公告)日:1999-10-26

    申请号:US946077

    申请日:1997-10-07

    IPC分类号: H04L29/06 G06F13/00

    CPC分类号: H04L63/08 H04L63/10

    摘要: A method of enabling persistent access by a Web server to files stored in a distributed file system of a distributed computing environment that includes a security service. A session manager is used to perform a proxy login to the security service on behalf of the Web server. Persistent operation of the session manager is ensured by periodically spawning new instances of the session manager process. Each new instance preferably initializes itself against a binding file. A prior instance of the session manager is maintained in an active state for at least a period of time during which the new instance of the session manager initializes itself. Upon receipt of a given transaction request from a Web client to the Web server, a determination is made regarding whether a new instance of the session manager process has been spawned while the Web server was otherwise idle. If so, the Web server is re-bound to the new instance of the session manager process so that the new instance of the session manager process can respond to the transaction request.

    摘要翻译: 一种使Web服务器能够持久访问存储在包括安全服务的分布式计算环境的分布式文件系统中的文件的方法。 会话管理器用于代表Web服务器执行代理登录到安全服务。 通过定期产生会话管理器进程的新实例来确保会话管理器的持续操作。 每个新实例都优选地针对绑定文件初始化本身。 会话管理器的先前实例被保持在活动状态中至少一段时间,在该时间段期间,会话管理器的新实例自身初始化。 在从Web客户端向Web服务器接收到给定的事务请求时,确定在Web服务器否则空闲时是否已经产生了会话管理器进程的新实例。 如果是,则将Web服务器重新绑定到会话管理器进程的新实例,以便会话管理器进程的新实例可以响应事务请求。

    Web client scripting test architecture for web server-based
authentication
    6.
    发明授权
    Web client scripting test architecture for web server-based authentication 失效
    用于基于Web服务器的认证的Web客户端脚本测试体系结构

    公开(公告)号:US06151599A

    公开(公告)日:2000-11-21

    申请号:US118561

    申请日:1998-07-17

    IPC分类号: G06F21/00 G06F15/173

    摘要: A test page including a statement invoking an executable periodically reloading the test page is placed on a Web server having a security plug-in to be tested. The test page may include multiple frames, each containing a reference requesting access to the same test page or each performing a different testing function. The test page may be placed in a protected directory, may include an attempt to access the contents of a file within a different protected directory, and may include attempts to access protected CGI executables or other programs or modules which may be run on the Web server. A remote browser is employed to attempt to access the test page using the userid and password employed to login to the browser. Successful or unsuccessful access to the test page verifies proper operation of the security plug-in. The test page is automatically reloaded by the browser at a selected interval, and multiple frames or multiple browser instances each accessing the test page results in stress testing of the security plug-in.

    摘要翻译: 包括调用可执行程序的语句的测试页面将定期重新加载测试页面放在具有要测试的安全插件的Web服务器上。 测试页可以包括多个帧,每个帧包含请求访问相同测试页面或者每个执行不同测试功能的参考。 测试页面可能被放置在受保护的目录中,可能包括尝试访问不同的受保护目录中的文件的内容,并且可能包括尝试访问受保护的CGI可执行文件或可能在Web服务器上运行的其他程序或模块 。 使用远程浏览器尝试使用用于登录浏览器的用户名和密码访问测试页面。 成功访问或不成功访问测试页验证安全插件的正确操作。 测试页由浏览器以选定的间隔自动重新加载,并且每个访问测试页面的多个框架或多个浏览器实例会导致安全插件的压力测试。

    Method for executing a user-requested CGI program in a new
authentication context while protecting operation of a default web
server program
    8.
    发明授权
    Method for executing a user-requested CGI program in a new authentication context while protecting operation of a default web server program 失效
    用于在保护默认web服务器程序的操作的同时在新的认证上下文中执行用户请求的CGI程序的方法

    公开(公告)号:US6154751A

    公开(公告)日:2000-11-28

    申请号:US78930

    申请日:1998-05-14

    IPC分类号: G06F17/30 H04L29/06

    摘要: A method of executing Common Gateway Interface (CGI) programs in a computer network having a Web client and a Web server, the server connectable to a secure distributed file system of a distributed computing environment. If a Web client user request requires CGI processing, the requested CGI program is run in a new process spawned from the Web server thread and executing within the context of the temporary user identity set up with the proper DCE credentials. This function is effected by saving the name and path of the user-requested CGI program and then substituting the name and path of an encapsulation CGI program. The encapsulation CGI program starts the user-requested CGI program in a new process (i.e. a desktop) within the context of the temporary user identity (having proper DCE credentials). The encapsulation program thus ensures that the CGI program being executed cannot harm the default Web server desktop.

    摘要翻译: 一种在具有Web客户机和Web服务器的计算机网络中执行通用网关接口(CGI)程序的方法,该服务器可连接到分布式计算环境的安全分布式文件系统。 如果Web客户端用户请求需要CGI处理,则所请求的CGI程序在从Web服务器线程生成的新进程中运行,并在使用正确的DCE凭据设置的临时用户身份的上下文中执行。 该功能通过保存用户请求的CGI程序的名称和路径,然后替换封装CGI程序的名称和路径来实现。 封装CGI程序在临时用户身份(具有适当的DCE凭证)的上下文中的新进程(即桌面)中启动用户请求的CGI程序。 因此,封装程序确保正在执行的CGI程序不会对默认的Web服务器桌面造成危害。

    System and method for providing compatibility between distributed file
system namespaces and operating system pathname syntax
    9.
    发明授权
    System and method for providing compatibility between distributed file system namespaces and operating system pathname syntax 失效
    用于提供分布式文件系统命名空间与操作系统路径名语法之间的兼容性的系统和方法

    公开(公告)号:US5689701A

    公开(公告)日:1997-11-18

    申请号:US572582

    申请日:1995-12-14

    IPC分类号: G06F17/30 G06F9/45

    摘要: A system and method facilitating an operating system user's ability to reference objects in a distributed file system having an incompatible namespace. Compatibility is thereby provided between DFS namespaces and operating system pathname syntax not supported in the DFS. A DFS pathname prefix is associated with each drive letter that is attached to a DFS IFS driver. Before an IFS driver is used, an application program issues a command to associate a drive letter with a particular IFS driver. The command issued also carries a DFS pathname prefix within a data buffer. The IFS services the command by validating existence of the DFS pathname prefix, and thereafter stores such prefix into an internal table of the buffer where it is associated with the attached drive letter. File system requests later received by the DFS client IFS driver carrying a pathname containing that drive letter will have their file specifications edited by the DFS code prior to processing. The drive letter in the pathname is replaced by the DFS pathname prefix from the IFS driver's internal table, and operating system slashes in operating system pathname are converted to DFS slashes. The operating system user may thereby reference DFS objects relative to a point in the DFS namespace using the operating system's pathname syntax which the user is more comfortable with.

    摘要翻译: 一种促进操作系统用户在具有不兼容的命名空间的分布式文件系统中引用对象的能力的系统和方法。 DFS命名空间与DFS中不支持的操作系统路径名语法之间提供了兼容性。 DFS路径名前缀与附加到DFS IFS驱动程序的每个驱动器号相关联。 在使用IFS驱动程序之前,应用程序发出命令以将驱动器号与特定的IFS驱动程序相关联。 所发出的命令还在数据缓冲区中携带DFS路径名前缀。 IFS通过验证DFS路径名前缀的存在来对命令进行服务,然后将这样的前缀存储在缓冲区的与附加的驱动器号相关联的内部表中。 稍后由DFS客户端IFS驱动程序接收到的文件系统请求,其携带包含该驱动器盘符的路径名将在处理之前将其文件规范由DFS代码编辑。 路径名中的驱动器号由IFS驱动程序内部表中的DFS路径名前缀替代,操作系统路径名中的操作系统斜杠将转换为DFS斜杠。 因此,操作系统用户可以使用用户更加舒适的操作系统的路径名语法来引用相对于DFS命名空间中的点的DFS对象。

    Method and computer program product for processing signed applets
    10.
    发明授权
    Method and computer program product for processing signed applets 有权
    用于处理签名小程序的方法和计算机程序产品

    公开(公告)号:US06910128B1

    公开(公告)日:2005-06-21

    申请号:US09717524

    申请日:2000-11-21

    IPC分类号: G06F21/00 H04L9/00 H04L29/06

    摘要: A framework for processing signed applets that are distributed over the Internet. Using the framework, an applet that is packaged as a Netscape- or JDK-signed jar file, or as an Internet Explorer-signed cab file, is processed within the same Java runtime environment irrespective of the browser type (i.e. Netscape Communicator, Internet Explorer or JDK) used to execute the applet. When the applet is executed, the framework verifies one or more applet signatures using the same algorithm that was used to sign the applet, verifies the signer(s) of the applet, and stores information about the signers so that they can be honored by a security policy when permissions for the applet are determined.

    摘要翻译: 用于处理通过互联网分发的签名小程序的框架。 使用框架,打包为Netscape或JDK签名的jar文件或作为Internet Explorer签名的cab文件的小程序在同一个Java运行时环境中处理,无论浏览器类型如Netscape Communicator,Internet Explorer 或JDK)用于执行小程序。 当小程序被执行时,框架使用用于签署小程序的相同算法验证一个或多个小程序签名,验证小应用程序的签名者,并存储关于签名者的信息,以便它们可被 确定小程序的权限时的安全策略。