MIDRANGE dot COM Mailing List Archive




RE: JTOpen Login from batch programs on a remote server



fixed

Thanks for the tip!
Kelly

-----Original Message-----
From: java400-l-bounces+kcookson=dotfoods.com@xxxxxxxxxxxx
[mailto:java400-l-bounces+kcookson=dotfoods.com@xxxxxxxxxxxx]On Behalf
Of Bruce Jin
Sent: Wednesday, October 12, 2005 8:46 AM
To: Java Programming on and around the iSeries / AS400
Subject: Re: JTOpen Login from batch programs on a remote server


>(1) decompiles a Java class to get the encryption key, 

You can obfuscate your class to make decompiling difficult:
https://www.informit.com/guides/content.asp?g=java&seqNum=109&rl=1



Kelly Cookson wrote:

>Thanks for the responses. 
> 
>It looks like I have to create a default user profile on the iSeries so my 
>JTOpen classes can have a user ID and password to access the iSeries. 
> 
>I'm thinking about a system that will let me automatically change the default 
>user password on a regular basis. 
> 
>I'm going to create a Java program on the PeopleSoft server that will:
>(1) generate a random string,
>(2) update the default user profile password on the iSeries with the random 
>string,
>(3) encrypt the random string,
>(4) write the encrypted string to an IFS file,
>(5) FTP the IFS file to a text file on the PeopleSoft server.
> 
>I'm also going to create a Java class called Password that will read the 
>encrypted string from the text file on the PeopleSoft server and decrypt it. 
> 
>My JTOpen classes will always call the Password class to get the password for 
>connecting to the iSeries.
> 
>This way I never hardcode passwords into the JTOpen classes. I can change the 
>passwords periodically and automatically. Also, a person cannot get the 
>password from the PeopleSoft server unless that person: (1) decompiles a Java 
>class to get the encryption key, (2) gets the encrypted password from the 
>PeopleSoft text file, and (3) writes a script to decrypt the password. This 
>may not pose a serious challenge to experienced hackers, but it will pose a 
>challenge to most of the people inside our company firewall, where this whole 
>set-up sits.
> 
>I will also take your advice and assign *SIGNOFF to the First Menu of the 
>default user profile. That means someone who manages to get the password must 
>still find a way to exploit it through programming. 
> 
>Any glaring weaknesses that I'm overlooking? Any ideas for improvements?
> 
>Thanks,
>Kelly
> 
>
>________________________________
>
>From: java400-l-bounces@xxxxxxxxxxxx on behalf of Glenn Holmer
>Sent: Tue 10/11/2005 10:35 AM
>To: Java Programming on and around the iSeries / AS400
>Subject: Re: JTOpen Login from batch programs on a remote server
>
>
>
>On Tuesday 11 October 2005 09:45, Ashish Kulkarni wrote:
>  
>
>>We had a similar situation. We have created a standard
>>user ID and password on the AS400. This password does not
>>expire, and for security reasons this user does not
>>have access to the green screen. To achieve this, in the user profile
>>we have defined
>>First menu  . . . . . . .   *SIGNOFF
>>This will sign off the user as soon as he logs in from
>>the green screen.
>>    
>>
>
>We did this too.
>
>--
>____________________________________________________________
>Glenn Holmer                          gholmer@xxxxxxxxxxxxxx
>Software Engineer                        phone: 414-908-1809
>Weyco Group, Inc.                          fax: 414-908-1601
>
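The Password class and rotation steps (1), (3) and (4) from Kelly Cookson's quoted message, as an added example that is not code from the thread or from JTOpen. The AES-GCM file layout, the alphabet and length, and the demo key are assumptions; step (2), changing the profile password on the iSeries, and the FTP step are left out so it runs without JTOpen or a network.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.*;

public class Password {
    private static final SecureRandom RNG = new SecureRandom();
    // Assumed alphabet (no look-alike characters); adjust to the system's password rules.
    private static final String ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";

    // Step (1): random string drawn from a CSPRNG rather than java.util.Random.
    static String generate(int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) sb.append(ALPHABET.charAt(RNG.nextInt(ALPHABET.length())));
        return sb.toString();
    }

    // Steps (3)-(4): AES-GCM with a fresh 12-byte IV; the file holds Base64(IV || ciphertext || tag).
    static void store(Path file, byte[] key, String password) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        Files.write(file, Base64.getEncoder().encode(out));
    }

    // What the JTOpen classes would call: read the file, verify the tag, return the password.
    static String load(Path file, byte[] key) throws Exception {
        byte[] blob = Base64.getDecoder().decode(Files.readAllBytes(file));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];  // constructed demo key; the thread embeds the key in the class
        RNG.nextBytes(key);
        Path file = Files.createTempFile("ifs-password", ".txt");  // stands in for the text file
        String pw = generate(10);   // assumed length
        store(file, key, pw);
        System.out.println("round trip ok: " + load(file, key).equals(pw));
        Files.delete(file);
    }
}
```

Because GCM authenticates the file contents, `load` throws `AEADBadTagException` if the text file was modified or the key does not match.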




