Thanks for the tip!

Kelly

-----Original Message-----
From: java400-l-bounces+kcookson=dotfoods.com@xxxxxxxxxxxx [mailto:java400-l-bounces+kcookson=dotfoods.com@xxxxxxxxxxxx]On Behalf Of Bruce Jin
Sent: Wednesday, October 12, 2005 8:46 AM
To: Java Programming on and around the iSeries / AS400
Subject: Re: JTOpen Login from batch programs on a remote server

>(1) decompiles a Java class to get the encryption key,

You can obfuscate your class to make decompile difficult:
https://www.informit.com/guides/content.asp?g=java&seqNum=109&rl=1

Kelly Cookson wrote:

>Thanks for the responses.
>
>It looks like I have to create a default user profile on the iSeries so my
>JTOpen classes can have a user ID and password to access the iSeries.
>
>I'm thinking about a system that will let me automatically change the default
>user password on a regular basis.
>
>I'm going to create a Java program on the PeopleSoft server that will:
>(1) generate a random string,
>(2) update the default user profile password on the iSeries with the random
>string,
>(3) encrypt the random string,
>(4) write the encrypted string to an IFS file,
>(5) FTP the IFS file to a text file on the PeopleSoft server.
>
>I'm also going to create a Java class called Password that will read the
>encrypted string from the text file on the PeopleSoft server and decrypt it.
>
>My JTOpen classes will always call the Password class to get the password for
>connecting to the iSeries.
>
>This way I never hardcode passwords into the JTOpen classes. I can change the
>passwords periodically and automatically. Also, a person cannot get the
>password from the PeopleSoft server unless that person: (1) decompiles a Java
>class to get the encryption key, (2) gets the encrypted password from the
>PeopleSoft text file, and (3) writes a script to decrypt the password. This
>may not pose a serious challenge to experienced hackers, but it will pose a
>challenge to most of the people inside our company firewall, where this whole
>set-up sits.
>
>I will also take your advice and assign *SIGNOFF to the First Menu of the
>default user profile. That means someone who manages to get the password must
>still find a way to exploit it through programming.
>
>Any glaring weaknesses that I'm overlooking? Any ideas for improvements?
>
>Thanks,
>Kelly
>
>________________________________
>
>From: java400-l-bounces@xxxxxxxxxxxx on behalf of Glenn Holmer
>Sent: Tue 10/11/2005 10:35 AM
>To: Java Programming on and around the iSeries / AS400
>Subject: Re: JTOpen Login from batch programs on a remote server
>
>On Tuesday 11 October 2005 09:45, Ashish Kulkarni wrote:
>
>>We had a similar situation, we have created a standard
>>user id, password on AS400, this password does not
>>expire, and for security reason, this user does not
>>access to green screen, to achieve in the user profile
>>we have defined
>>First menu . . . . . . . *SIGNOFF
>>this will signoff the user as soon as he logs in from
>>green screen,
>
>We did this too.
>
>--
>____________________________________________________________
>Glenn Holmer gholmer@xxxxxxxxxxxxxx
>Software Engineer phone: 414-908-1809
>Weyco Group, Inc. fax: 414-908-1601
>--
>This is the Java Programming on and around the iSeries / AS400 (JAVA400-L)
>mailing list
>To post a message email: JAVA400-L@xxxxxxxxxxxx
>To subscribe, unsubscribe, or change list options,
>visit: http://lists.midrange.com/mailman/listinfo/java400-l
>or email: JAVA400-L-request@xxxxxxxxxxxx
>Before posting, please take a moment to review the archives
>at http://archive.midrange.com/java400-l.
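The local half of the rotation plan quoted above (steps 1, 3 and 4, plus the read-and-decrypt job of the Password class), as an added example that is not code from the thread or from any poster. The class name, the file layout (base64 of nonce followed by ciphertext), the choice of AES-GCM and the 10-character uppercase alphanumeric password policy are assumptions; the iSeries password update and the FTP transfer are left out, and the key is generated in `main` only for the demonstration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.Base64;

public class PasswordRotationSketch { // hypothetical name
    private static final SecureRandom RNG = new SecureRandom();
    private static final String LETTERS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    private static final String ALNUM = LETTERS + "0123456789";
    // Step (1): random password. Assumed policy: 10 characters, the first a letter.
    static String randomPassword() {
        StringBuilder sb = new StringBuilder().append(LETTERS.charAt(RNG.nextInt(26)));
        while (sb.length() < 10) sb.append(ALNUM.charAt(RNG.nextInt(ALNUM.length())));
        return sb.toString();
    }
    // Steps (3)-(4): AES-GCM with a fresh 12-byte nonce; file = base64(nonce || ciphertext+tag).
    static void writeEncrypted(Path file, SecretKey key, String password) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        byte[] blob = ByteBuffer.allocate(nonce.length + ct.length).put(nonce).put(ct).array();
        Files.write(file, Base64.getEncoder().encode(blob));
    }
    // The Password class's job: read and decrypt. A tampered file fails the GCM tag check.
    static String readDecrypted(Path file, SecretKey key) throws Exception {
        byte[] blob = Base64.getDecoder().decode(Files.readAllBytes(file));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey(); // constructed demo key, not a deployment choice
        Path file = Files.createTempFile("iseries-pw", ".txt");
        String pw = randomPassword();
        writeEncrypted(file, key, pw);
        System.out.println(pw.equals(readDecrypted(file, key)) ? "round trip ok" : "mismatch");
        Files.delete(file);
    }
}
```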
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.