Method for executing a user-requested CGI program in a new authentication context while protecting operation of a default web server program
Abstract
A method of executing Common Gateway Interface (CGI) programs in a computer network having a Web client and a Web server, the server connectable to a secure distributed file system of a distributed computing environment. If a Web client user request requires CGI processing, the requested CGI program is run in a new process spawned from the Web server thread and executing within the context of the temporary user identity set up with the proper DCE credentials. This function is effected by saving the name and path of the user-requested CGI program and then substituting the name and path of an encapsulation CGI program. The encapsulation CGI program starts the user-requested CGI program in a new process (i.e. a desktop) within the context of the temporary user identity (having proper DCE credentials). The encapsulation program thus ensures that the CGI program being executed cannot harm the default Web server desktop.
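The flow in the abstract, sketched as an added example (not code from the patent): the server saves the requested CGI path and substitutes a wrapper, and the wrapper runs the saved program in its own process so a crash or hang is reported rather than propagated. This is a POSIX analogue of the desktop isolation the abstract describes; `ENCAP_CGI`, `EXAMPLE_CRED_FILE`, the request dictionary and the status codes chosen are assumptions.

```python
import subprocess

ENCAP_CGI = "/cgi-bin/encap"  # hypothetical path of the encapsulation program

def substitute(request):
    """Server side: save the requested CGI path, then point the request at the wrapper."""
    out = dict(request)
    out["saved_cgi"] = request["cgi"]
    out["cgi"] = ENCAP_CGI
    return out

def run_encapsulated(argv, uid=None, gid=None, cred_file=None, timeout=5.0):
    """Wrapper side: run the saved program in its own process and session.

    Returns (http_status, body). A crash, hang or launch failure in the child
    becomes an error status; it never propagates into the calling server.
    """
    env = {"PATH": "/usr/bin:/bin", "GATEWAY_INTERFACE": "CGI/1.1"}  # no inherited secrets
    if cred_file:
        env["EXAMPLE_CRED_FILE"] = cred_file  # hypothetical variable name
    try:
        proc = subprocess.run(
            argv, env=env, stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
            timeout=timeout, start_new_session=True,
            # Switching identity needs privilege; None keeps the caller's ids.
            user=uid, group=gid, extra_groups=[] if uid is not None else None,
        )
    except subprocess.TimeoutExpired:
        return 504, b""
    except (OSError, subprocess.SubprocessError):
        return 502, b""
    if proc.returncode != 0:  # a negative value means killed by a signal
        return 500, b""
    return 200, proc.stdout

if __name__ == "__main__":
    # Constructed request; the "CGI programs" are inline shell one-liners.
    req = substitute({"cgi": "/cgi-bin/report", "user": "alice"})
    print(req["cgi"], "<-", req["saved_cgi"])
    print(run_encapsulated(["/bin/sh", "-c", "echo ok"]))
    print(run_encapsulated(["/bin/sh", "-c", "kill -9 $$"]))
```

Passing `uid` and `gid` requires Python 3.9 or later and a caller privileged to change identity.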
25 Claims
1. A method for protecting concurrently executing computer processes running in a data processing system, comprising the steps of:
- executing a first process;
- detecting that a second process related to the first process should be started;
- starting the second process in an encapsulation process that isolates the second process from the first process so that any problem encountered during operation of the second process does not impact execution of the first process.
Dependent claims: 2, 3, 4, 5
6. A method for accessing a secure database, comprising the steps of:
- obtaining a temporary userid for a first process for use in accessing the secure database;
- executing the first process;
- starting a second process within an encapsulation process to isolate the second process from the first process so that operation of the second process does not harm the first process;
- passing the temporary userid to the encapsulation process so that the second process may access the secure database.
Dependent claims: 7, 8, 9, 10, 11, 12, 16
13. A method of accessing a secure database, comprising the steps of:
- creating a pool of userids for a first operating system;
- selecting a userid from the pool;
- adding the selected userid to a registry of userids for the first operating system;
- creating a credential file for a first process;
- associating the selected userid to the credential file;
- starting the first process;
- starting a second process within an encapsulation process to isolate the second process from the first process so that operation of the second process does not harm the first process; and
- passing the selected userid to the encapsulation process so that the second process may access the secure database.
Dependent claims: 14, 15
17. A computer program product in a computer-readable medium for use in accessing a secure shared resource, comprising:
- means for spawning a child process from a parent process; and
- means for isolating the child process from the parent process as the child process accesses the secure shared resource.
Dependent claims: 18
19. In a computer network in which a client is connectable to a server to enable access to documents within a secure database, the server having a native operating system and including at least one server process that launches a child process, the improvement comprising:
- means for associating a temporary native operating system userid with a credential to facilitate access to the secure database;
- means for configuring the server to override a service method that normally launches the child process; and
- means for encapsulating the service method between a first program, executable in the child process, and a second program, executable in the server process;
- wherein, upon execution, the first program uses the temporary operating system userid and the credential to access a file in the secure database.
Dependent claims: 20, 21, 22
23. A computer connectable to a secure database, comprising:
- a processor;
- a native operating system;
- a Web server program for processing client requests; and
- means for associating a temporary native operating system userid with a credential to facilitate access to the secure database;
- means for configuring the Web server program to override a service method that normally launches a child process; and
- means for encapsulating the service method between a first program, executable in the child process, and a second program, executable in the server process;
- wherein, upon execution, the first program uses the temporary operating system userid and the credential to access a file in the secure database.
Dependent claims: 24, 25
Specification