Abstract: A method of enabling an HTTP server plug-in to pass an unmangled environment variable into a CGI process begins by configuring the HTTP server to initially override a CGI service method. When the server processes an HTTP request, the server plug-in, which is called prior to the CGI service method and is running in a process of the HTTP server, inserts a “name value” pair prepended with a marker in a request header parameter block of the HTTP server. Then, the CGI service override method executes the server's original (i.e. native) CGI service method, causing it to run an encapsulation program in the CGI process. This program scans the environment of the CGI process for any string prepended with a given HTTP code (e.g., the string “HTTP_”) and the marker. If it finds any such string, the program strips the given HTTP code and the marker from a remainder of the string and resets the environment variable into the CGI process in an “unmangled” form.

Abstract: A method of authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment. The distributed computing environment includes a security service for returning a credential to a user authenticated to access the distributed file system. The method preferably operates within the context of a native operating system environment such as “Windows NT”. Upon initialization of the Web server, a session manager creates a pool of temporary Windows NT user identities. In response to a Web client browser request, a temporary NT user identity is associated with proper DCE credentials. A server process then impersonates the returned NT user identity on a thread which is attempting to access the requested resource.

Abstract: A method of executing Common Gateway Interface (CGI) programs in a computer network having a Web client and a Web server, the server connectable to a secure distributed file system of a distributed computing environment. If a Web client user request requires CGI processing, the requested CGI program is run in a new process spawned from the Web server thread and executing within the context of the temporary user identity set up with the proper DCE credentials. This function is effected by saving the name and path of the user-requested CGI program and then substituting the name and path of an encapsulation CGI program. The encapsulation CGI program starts the user-requested CGI program in a new process (i.e. a desktop) within the context of the temporary user identity (having proper DCE credentials). The encapsulation program thus ensures that the CGI program being executed cannot harm the default Web server desktop.

Abstract: A test page including a statement invoking an executable periodically reloading the test page is placed on a Web server having a security plug-in to be tested. The test page may include multiple frames, each containing a reference requesting access to the same test page or each performing a different testing function. The test page may be placed in a protected directory, may include an attempt to access the contents of a file within a different protected directory, and may include attempts to access protected CGI executables or other programs or modules which may be run on the Web server. A remote browser is employed to attempt to access the test page using the userid and password employed to login to the browser. Successful or unsuccessful access to the test page verifies proper operation of the security plug-in.

Abstract: An account manager plug-in for a Web server having an application programming interface (API). The plug-in is preferably a computer program product comprising a set of instructions (program code) encoded on a computer-readable substrate. This plug-in includes program code for establishing a set of one or more monitored resources (e.g., UrlCounter, ByteCounter, PageCounter and FailedLoginCounter) and for defining a threshold rule for at least one of the set of monitored resources. As Web transactions occur at the Web server, the account manager is responsive to a monitored resource exceeding a condition of a threshold rule for triggering one of a set of threshold actions. The set of threshold actions, for example, include clearing a record counter, running a given program, sending an e-mail note and disabling or enabling a user account.

Abstract: A method of enabling persistent access by a Web server to files stored in a distributed file system of a distributed computing environment that includes a security service. A session manager is used to perform a proxy login to the security service on behalf of the Web server. Persistent operation of the session manager is ensured by periodically spawning new instances of the session manager process. Each new instance preferably initializes itself against a binding file. A prior instance of the session manager is maintained in an active state for at least a period of time during which the new instance of the session manager initializes itself. Upon receipt of a given transaction request from a Web client to the Web server, a determination is made regarding whether a new instance of the session manager process has been spawned while the Web server was otherwise idle.

Abstract: A method of enabling a Web server to impersonate a Web client to thereby obtain access to files stored in a distributed file system of a distributed computing environment. The distributed computing environment includes a security service for returning a credential to a user authenticated to access the distributed file system. In response to receipt of a transaction request from the Web client, a determination is made whether the transaction request has originated from a user authenticated to access the distributed file system. If so, the Web server is controlled to reuse the credential of the user across multiple file accesses in the distributed file system on behalf of the Web client.

Abstract: A method of authenticating a Web client to a Web server connectable to a distributed file system of a distributed computing environment. The distributed computing environment includes a security service for returning a credential to a user authenticated to access the distributed file system. In response to receipt by the Web server of a user id and password from the Web client, a login protocol is executed with the security service. If the user can be authenticated, a credential is stored in a database of credentials associated with authenticated users. The Web server then returns to the Web client a persistent client state object having a unique identifier therein. This object, sometimes referred to as a cookie, is then used to enable the Web client to browse Web documents in the distributed file system.

Abstract: A system and method facilitating an operating system user's ability to reference objects in a distributed file system having an incompatible namespace. Compatibility is thereby provided between DFS namespaces and operating system pathname syntax not supported in the DFS. A DFS pathname prefix is associated with each drive letter that is attached to a DFS IFS driver. Before an IFS driver is used, an application program issues a command to associate a drive letter with a particular IFS driver. The command issued also carries a DFS pathname prefix within a data buffer. The IFS services the command by validating existence of the DFS pathname prefix, and thereafter stores such prefix into an internal table of the buffer where it is associated with the attached drive letter. File system requests later received by the DFS client IFS driver carrying a pathname containing that drive letter will have their file specifications edited by the DFS code prior to processing.