RE: Running Java Application from Job Scheduler and User Has NoPassword

We set up a user profile and set the initial menu to *SIGNOFF. But we also 
created a Java application that: (1) generates a random string of numbers and 
letters, (2) changes the user password to the random string of numbers and 
letters using Toolbox for Java, (3) encrypts the random string of numbers and 
letters, and (4) saves the encrypted password in a text file. When one of our 
Java apps needs to sign on to the iSeries, it requests the decrypted password 
from a class that reads the password from the text file and decrypts it. 

It's not a perfect security solution, but someone would have to decompile the 
Java classes to get the encryption key, decrypt the password, then write 
programs to exploit the password (since the initial menu is set to *SIGNOFF). 
Of course, anyone listening over the wires when the password is sent to the 
iSeries would get the unencrypted password, but this is true for all Toolbox 
for Java apps that access the iSeries remotely.

Kelly 

-----Original Message-----
From: java400-l-bounces@xxxxxxxxxxxx
[mailto:java400-l-bounces@xxxxxxxxxxxx]On Behalf Of Chris Wolcott
Sent: Tuesday, January 03, 2006 9:00 AM
To: java400-l@xxxxxxxxxxxx
Subject: RE: Running Java Application from Job Scheduler and User Has
NoPassword


PASSWORD(*NONE) makes it so the profile can not login at all.  It
effectively makes it only eligible to own objects and be an authority
reference.  In addition to setting the password to 'Gibberish' as was
suggested in a previous post, you can set the initial menu to *SIGNOFF
in the USRPRF.  This way even if they 'guess' the gibberish password
they get signed off first thing.  We had to do this to allow access to
our files via JDBC.