Thanks for the responses. 
It looks like I have to create a default user profile on the iSeries so my 
JTOpen classes can have a user ID and password to access the iSeries. 
I'm thinking about a system that will let me automatically change the default 
user password on a regular basis. 
I'm going to create a Java program on the PeopleSoft server that will:
(1) generate a random string,
(2) update the default user profile password on the iSeries with the random 
(3) encrypt the random string,
(4) write the encrypted string to an IFS file,
(5) FTP the IFS file to a text file on the PeopleSoft server.
I'm also going to create a Java class called Password that will read the 
encrypted string from the text file on the PeopleSoft server and decrypt it. 
My JTOpen classes will always call the Password class to get the password for 
connecting to the iSeries.
This way I never hardcode passwords into the JTOpen classes. I can change the 
passwords periodically and automatically. Also, a person cannot get the 
password from the PeopleSoft server unless that person: (1) decompiles a Java 
class to get the encryption key, (2) gets the encrypted password from the 
PeopleSoft text file, and (3) writes a script to decrypt the password. This may 
not pose a serious challenge to experienced hackers, but it will pose a 
challenge to most of the people inside our company firewall, where this whole 
set-up sits.
I will also take your advice and assign *SIGNOFF to the First Menu of the 
default user profile. That means someone who manages to get the password must 
still find a way to exploit it through programming. 
Any glaring weaknesses that I'm overlooking? Any ideas for improvements?


From: java400-l-bounces@xxxxxxxxxxxx on behalf of Glenn Holmer
Sent: Tue 10/11/2005 10:35 AM
To: Java Programming on and around the iSeries / AS400
Subject: Re: JTOpen Login from batch programs on a remote server

On Tuesday 11 October 2005 09:45, Ashish Kulkarni wrote:
> We had a similar situation. We have created a standard
> user ID and password on the AS400. This password does not
> expire, and for security reasons, this user does not have
> access to the green screen. To achieve this, in the user profile
> we have defined
> First menu  . . . . . . .   *SIGNOFF
> This will sign off the user as soon as he logs in from the
> green screen,

We did this too.

Glenn Holmer                          gholmer@xxxxxxxxxxxxxx
Software Engineer                        phone: 414-908-1809
Weyco Group, Inc.                          fax: 414-908-1601