|
Kelly Cookson wrote: > What would be best practices for dealing with using JTOpen when there > is no human end user to provide a user id and password? Do we > necessarily have to create a standard user id and password on the > iSeries for these programs? If so, how should we handle security for > the standard user id and password? You're pretty much stuck with creating a userid on the iSeries that your application authenticates with and storing that userid & it's password in some form of property file or database field. I would suggest you give this user id the absolute minimum authority possible so it can't be used for anything it isn't supposed to do. Another idea (that just popped into my head) ... if security is truly that critical for this database, is to create some kind of authority broker ... where you still have a single user id ... but the password is changed for every request. So your application contacts the authority broker program, performs some sufficiently complex negotiation to ensure that the request is legit, and then the broker changes the user id's password and then gives that password to the client application. The client then connects with the userid. The client app could then indicate to the broker program that it's connected, at which point the broker program would change the password to something random. I'm not sure 'authority broker' is the correct term / pattern. david
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
