Hello Listers; Hopefully this post finds you well - Thanks in advance for feedback...
I have written several ARS 7.x Java API based utilities, which all run just fine - and this weekend when I was doing the documentation for them - in the "Security Section" - I obviously mentioned all the normal "Remedy Security" topics (group permissions, etc)... Then I got stuck on the "Login ID / Password" security issue. So I figured - someone else must-a already been down this path - so I googled (and googled and googled) but found very little with some 'concrete answers' so to say. So as I see it there are a few - somewhat limited options - in this area: ZERO Security - Hard-Code the ID / PW in the API (YUCK - not maintainable, single server setup, etc) Accept ID / PW over command line (At least the script can maintain the ID / PW, allows for reuse over different servers) LIMITED Security Tuck the ID / PW into a simple text file which the OS PERMISSIONS will restrict - however ID / PW is in clear text SOMEWHAT More Security Create a utility to encrypt the ID / PW into a file - which then is under OS PERMISSIONS - that the application can pick up and decode So, I'd like to hear how other people have dealt with this "ID / PW" Security topic in the past, etc. Thanks-n-advance; Robert Molenda _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: RMI Solutions ARSlist: "Where the Answers Are"
