MIDRANGE dot COM Mailing List Archive



Home » JAVA400-L » October 2005

RE: JTOpen Login from batch programs on a remote server



fixed

Thanks for the responses. 
 
It looks like I have to create a default user profile on the iSeries so my 
JTOpen classes can have a user ID and password to access the iSeries. 
 
I'm thinking about a system that will let me automatically change the default 
user password on a regular basis. 
 
I'm going to create a Java program on the PeopleSoft server that will:
(1) generate a random string,
(2) update the default user profile password on the iSeries with the random 
string,
(3) encrypt the random string,
(4) write the encrypted string to an IFS file,
(5) FTP the IFS file to a text file on the PeopleSoft server.
 
I'm also going to create a Java class called Password that will read the 
encrypted string from the text file on the PeopleSoft server and decrypt it. 
 
My JTOpen classes will always call the Password class to get the password for 
connecting to the iSeries.
 
This way I never hardcode passwords into the JTOpen classes. I can change the 
passwords periodically and automatically. Also, a person cannot get the 
password from the PeopleSoft server unless that person: (1) decompiles a Java 
class to get the encryption key, (2) gets the encrypted password from the 
PeopleSoft text file, and (3) writes a script to decrypt the password. This may 
not pose a serious challenge to experienced hackers, but it will pose a 
challenge to most of the people inside our company firewall, where this whole 
set-up sits.
 
I will also take your advice and assign *SIGNOFF to the First Menu of the 
default user profile. That means someone who manages to get the password must 
still find a way to exploit it through programming. 
 
Any glaring weaknesses that I'm overlooking? Any ideas for improvements?
 
Thanks,
Kelly
 

________________________________

From: java400-l-bounces@xxxxxxxxxxxx on behalf of Glenn Holmer
Sent: Tue 10/11/2005 10:35 AM
To: Java Programming on and around the iSeries / AS400
Subject: Re: JTOpen Login from batch programs on a remote server



On Tuesday 11 October 2005 09:45, Ashish Kulkarni wrote:
> We had a similar situation, we have created a standard
> user id, password on AS400, this password does not
> expire, and for security reason, this user does not
> access to green screen, to achieve in the user profile
> we have defined
> First menu  . . . . . . .   *SIGNOFF
> this will signoff the user as soon as he logs in from
> green screen,

We did this too.

--
____________________________________________________________
Glenn Holmer                          gholmer@xxxxxxxxxxxxxx
Software Engineer                        phone: 414-908-1809
Weyco Group, Inc.                          fax: 414-908-1601
--
This is the Java Programming on and around the iSeries / AS400 (JAVA400-L) 
mailing list
To post a message email: JAVA400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.








Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact