We set up a user profile and set the initial menu to *SIGNOFF. But we also 
created a Java application that: (1) generates a random string of numbers and 
letters, (2) changes the user password to the random string of numbers and 
letters using Toolbox for Java, (3) encrypts the random string of numbers and 
letters, and (4) saves the encrypted password in a text file. When one of our 
Java apps needs to sign on to the iSeries, it requests the decrypted password 
from a class that reads the password from the text file and decrypts it. 

It's not a perfect security solution, but someone would have to decompile the 
Java classes to get the encryption key, decrypt the password, then write 
programs to exploit the password (since the initial menu is set to *SIGNOFF). 
Of course, anyone listening over the wires when the password is sent to the 
iSeries would get the unencrypted password, but this is true for all Toolbox 
for Java apps that access the iSeries remotely.


-----Original Message-----
From: java400-l-bounces@xxxxxxxxxxxx
[mailto:java400-l-bounces@xxxxxxxxxxxx]On Behalf Of Chris Wolcott
Sent: Tuesday, January 03, 2006 9:00 AM
To: java400-l@xxxxxxxxxxxx
Subject: RE: Running Java Application from Job Scheduler and User Has

PASSWORD(*NONE) makes it so the profile can not login at all.  It
effectively makes it only eligible to own objects and be an authority
reference.  In addition to setting the password to 'Gibberish' as was
suggested in a previous post, you can set the initial menu to *SIGNOFF
in the USRPRF.  This way even if they 'guess' the gibberish password
they get signed off first thing.  We had to do this to allow access to
our files via JDBC.  

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.