Thanks for the tip!

-----Original Message-----
On Behalf Of Bruce Jin
Sent: Wednesday, October 12, 2005 8:46 AM
To: Java Programming on and around the iSeries / AS400
Subject: Re: JTOpen Login from batch programs on a remote server

>(1) decompiles a Java class to get the encryption key, 

You can obfuscate your class to make decompiling difficult:

Kelly Cookson wrote:

>Thanks for the responses. 
>It looks like I have to create a default user profile on the iSeries so my 
>JTOpen classes can have a user ID and password to access the iSeries. 
>I'm thinking about a system that will let me automatically change the default 
>user password on a regular basis. 
>I'm going to create a Java program on the PeopleSoft server that will:
>(1) generate a random string,
>(2) update the default user profile password on the iSeries with the random 
>(3) encrypt the random string,
>(4) write the encrypted string to an IFS file,
>(5) FTP the IFS file to a text file on the PeopleSoft server.
>I'm also going to create a Java class called Password that will read the 
>encrypted string from the text file on the PeopleSoft server and decrypt it. 
>My JTOpen classes will always call the Password class to get the password for 
>connecting to the iSeries.
>This way I never hardcode passwords into the JTOpen classes. I can change the 
>passwords periodically and automatically. Also, a person cannot get the 
>password from the PeopleSoft server unless that person: (1) decompiles a Java 
>class to get the encryption key, (2) gets the encrypted password from the 
>PeopleSoft text file, and (3) writes a script to decrypt the password. This 
>may not pose a serious challenge to experienced hackers, but it will pose a 
>challenge to most of the people inside our company firewall, where this whole 
>set-up sits.
>I will also take your advice and assign *SIGNOFF to the First Menu of the 
>default user profile. That means someone who manages to get the password must 
>still find a way to exploit it through programming. 
>Any glaring weaknesses that I'm overlooking? Any ideas for improvements?
>From: java400-l-bounces@xxxxxxxxxxxx on behalf of Glenn Holmer
>Sent: Tue 10/11/2005 10:35 AM
>To: Java Programming on and around the iSeries / AS400
>Subject: Re: JTOpen Login from batch programs on a remote server
>On Tuesday 11 October 2005 09:45, Ashish Kulkarni wrote:
>>We had a similar situation, we have created a standard
>>user id, password on AS400, this password does not
>>expire, and for security reason, this user does not
>>access to green screen, to achieve in the user profile
>>we have defined
>>First menu  . . . . . . .   *SIGNOFF
>>this will signoff the user as soon as he logs in from
>>green screen,
>We did this too.
>Glenn Holmer                          gholmer@xxxxxxxxxxxxxx
>Software Engineer                        phone: 414-908-1809
>Weyco Group, Inc.                          fax: 414-908-1601
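
An added example, not code from anyone in this thread: one way to write the `Password` helper described above so that the decryption key sits in an owner-only file instead of inside the class, which means decompiling the class yields no key. The class layout, file names and sample password are hypothetical; it assumes Java 8+ and a POSIX file system on the server.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.security.SecureRandom;
import java.util.*;

// Hypothetical helper: the AES key is read from a protected file, never compiled in.
public class Password {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    // Refuse a key file that group or others can touch (POSIX file systems only).
    static byte[] loadKey(Path keyFile) throws Exception {
        for (PosixFilePermission p : Files.getPosixFilePermissions(keyFile)) {
            if (!p.name().startsWith("OWNER_"))
                throw new SecurityException(keyFile + " is accessible beyond its owner: " + p);
        }
        return Base64.getDecoder().decode(Files.readAllLines(keyFile).get(0).trim());
    }
    // Rotation side: encrypt the new random password as base64(iv || ciphertext+tag).
    static String encrypt(byte[] key, String password) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }
    // Reader side, called before connecting; GCM makes a tampered file fail to decrypt.
    static char[] decrypt(byte[] key, Path passwordFile) throws Exception {
        byte[] in = Base64.getDecoder().decode(Files.readAllLines(passwordFile).get(0).trim());
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        byte[] pt = c.doFinal(in, IV_LEN, in.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8).toCharArray();
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("pwdemo"); // constructed demo location
        Path keyFile = dir.resolve("key.b64"), pwFile = dir.resolve("iseries.pw");
        byte[] key = new byte[16];
        new SecureRandom().nextBytes(key);
        Files.write(keyFile, Base64.getEncoder().encode(key));
        Files.setPosixFilePermissions(keyFile, EnumSet.of(PosixFilePermission.OWNER_READ));
        Files.write(pwFile, encrypt(key, "constructed-Pw-123").getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(decrypt(loadKey(keyFile), pwFile)));
    }
}
```

With this layout the protection rests on the operating-system permissions of the key file and the account the batch job runs under, so those are what need auditing.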
