Thanks for the responses. It looks like I have to create a default user profile on the iSeries so my JTOpen classes can have a user ID and password to access the iSeries. I'm thinking about a system that will let me automatically change the default user password on a regular basis. I'm going to create a Java program on the PeopleSoft server that will: (1) generate a random string, (2) update the default user profile password on the iSeries with the random string, (3) encrypt the random string, (4) write the encrypted string to an IFS file, (5) FTP the IFS file to a text file on the PeopleSoft server. I'm also going to create a Java class called Password that will read the encrypted string from the text file on the PeopleSoft server and decrypt it. My JTOpen classes will always call the Password class to get the password for connecting to the iSeries. This way I never hardcode passwords into the JTOpen classes. I can change the passwords periodically and automatically. Also, a person cannot get the password from the PeopleSoft server unless that person: (1) decompiles a Java class to get the encryption key, (2) gets the encrypted password from the PeopleSoft text file, and (3) writes a script to decrypt the password. This may not pose a serious challenge to experienced hackers, but it will pose a challenge to most of the people inside our company firewall, where this whole set-up sits. I will also take your advice and assign *SIGNOFF to the First Menu of the default user profile. That means someone who manages to get the password must still find a way to exploit it through programming. Any glaring weaknesses that I'm overlooking? Any ideas for improvements? Thanks, Kelly ________________________________ From: java400-l-bounces@xxxxxxxxxxxx on behalf of Glenn Holmer Sent: Tue 10/11/2005 10:35 AM To: Java Programming on and around the iSeries / AS400 Subject: Re: JTOpen Login from batch programs on a remote server On Tuesday 11 October 2005 09:45, Ashish Kulkarni wrote: > We had a similar situation, we have created a standard > user id, password on AS400, this password does not > expire, and for security reason, this user does not > access to green screen, to achieve in the user profile > we have defined > First menu . . . . . . . *SIGNOFF > this will signoff the user as soon as he logs in from > green screen, We did this too. -- ____________________________________________________________ Glenn Holmer gholmer@xxxxxxxxxxxxxx Software Engineer phone: 414-908-1809 Weyco Group, Inc. fax: 414-908-1601 -- This is the Java Programming on and around the iSeries / AS400 (JAVA400-L) mailing list To post a message email: JAVA400-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/java400-l or email: JAVA400-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/java400-l.
This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact