Secure the query_contents program

Secure the query_contents program

The query_contents CGI program is used by ISAM to display junctioned Web server object spaces in the Web Portal Manager. It is very important to secure this file to prevent unauthorized users from running it. Set a security policy that allows only the policy server (pdmgrd) identity to have access to the query_contents program. The following example ACL (query_contents_acl) meets this criteria:
group ivmgrd-servers Tl
user sec_master dbxTrlcam

Use the pdadmin utility to attach this ACL to the query_contents.sh (UNIX) or query_contents.exe (Windows) object on the junctioned servers. For example (UNIX):

pdadmin> acl attach /WebSEAL/host/junction-name/cgi-bin/query_contents.sh query_contents_acl

Parent topic: How to generate a back-end server Web space (query_contents)