Scramble SOP_PARAMS

Author: dennis.van.duijn@sogeti.com (Dennis van Duijn)

Hi all,

We want to call a webservice with end-point authentication (NTLM). For security reasons it is not allowed to store the password for the service plain-text in the asn.

Does anyone have any suggestions how to store the password scrambled? Unfortunately the pathscrambler tool only works for paths.

Regards, Dennis

6 Comments

  1. Hi Dennis,

    I have only built web-services having encrypted username and password as web-service parameters. Although encrypting these in the asn-file you still have the problem, that if someone has got access to the asn-file they can use the web-service with the encrypted user and password. To prevent this one can build some kind of lease-key system, i.e. a short-time lease-key is first needed/leased to be able to execute the web-service.

    So tell a bit more, is this user some kind of operating-system user that could harm your system by being able to log on to your system in some other way than using the web-service?

    Is the problem that you don't have access to the encrypted user from source-code (in the web-service) to decrypt it?

    Regards RogerW.  


    Author: rogerw (roger.wallin@abilita.fi)
  2. Hi,

    Perhaps I misunderstood you. Is the username/password sent as "clear text" (perhaps with SSL) over the wire and your problem is to hide the asn-file user/password?

    Regards RogerW.
     


    Author: rogerw (roger.wallin@abilita.fi)
  3. Hi,

    I am required to use http authentication. In Uniface, the username and password are included in the asn, either in the USYS$SOP_PARAMS or in the [SERVICES_EXEC] section:

    USYS$SOP_PARAMS = euser=user1 epass=password1 scheme=LN

    or

    COMP1 $SOP:COMP1 euser=user1 epass=password1 scheme=LN

    It is company policy not to include usernames/passwords in configuration files. I try to find a way to either scramble the username/password in the asn, or an alternative for putting the username/password in the asn (in proc?).


    Author: Dennis van Duijn (dennis.van.duijn@sogeti.com)
  4. Hi,

    seems to be almost the same problem as wanting to change the endpoint in code (new wsdl-parameter). I really don't know what possibilities there are with Uniface. I suppose that you can't access those data (to encrypt, decrypt whatever) before it's sent over the wire. But I'm very interested to hear something about it and get improvements. Anyone?

    Regards RogerW.


    Author: rogerw (roger.wallin@abilita.fi)
  5. Hi,

    If there isn't a solution to this, then it's a bug. You shouldn't have to put a username and password in clear text into the asn-file. Especially as the asn-file is usually readable by all being able to execute the program.

    Regards RogerW.
     


    Author: rogerw (roger.wallin@abilita.fi)
  6. I agree. (Although this works exactly as documented...)

    I'll try entering a wish.


    Author: Dennis van Duijn (dennis.van.duijn@sogeti.com)
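
An audit check for the situation discussed in this thread, added here as an example and not part of any post above or of Uniface itself: it finds cleartext `euser=`/`epass=` tokens in an asn file, reports them with the values masked, and checks whether the file is readable by all users. The function names and the sample file are constructed; the two credential lines are the ones quoted in comment 3, and the permission check assumes a POSIX file system.

```python
import os
import re
import stat

# euser=/epass= tokens as written in the thread's asn lines.
CRED = re.compile(r"\b(euser|epass)=(\S+)", re.IGNORECASE)
SECTION = re.compile(r"\[([^\]]+)\]")

# Constructed sample built from the two lines quoted in the thread.
SAMPLE_ASN = """\
USYS$SOP_PARAMS = euser=user1 epass=password1 scheme=LN

[SERVICES_EXEC]
COMP1 $SOP:COMP1 euser=user1 epass=password1 scheme=LN
COMP2 $SOP:COMP2
"""

def scan_asn(text):
    """Return (line_no, section, key) for every cleartext credential token."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        header = SECTION.fullmatch(raw.strip())
        if header:
            section = header.group(1).upper()
            continue
        for m in CRED.finditer(raw):
            findings.append((no, section, m.group(1).lower()))
    return findings

def redact(line):
    """Mask credential values so the audit report does not repeat the secret."""
    return CRED.sub(lambda m: m.group(1) + "=<redacted>", line)

def readable_by_others(path):
    """True if the POSIX 'other' read bit is set on the file."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

if __name__ == "__main__":
    lines = SAMPLE_ASN.splitlines()
    for no, section, key in scan_asn(SAMPLE_ASN):
        print(f"line {no} [{section or 'no section'}] {key}: {redact(lines[no - 1])}")
```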