Phew!! Quite a few suggestions ... I wrote a program to Encrypt and then Decrypt ... but the same security issue of "storing the key" is popping up now ...as pointed out by a couple of people above.
Well, to be clear, i will tell the scenario once more There is an interface A which uses a user B (T24 Super User) to created LD records in real time during the day. The credentials for B (User name and Pswd) are stored in a parameter table from where the interface reads the values. We do not want anyone to see this stored password as the user is a Super User and thus the pswd shld be encrypted at the time if storage. I created a validation routine and attached it to the template, so that it encrypts the pswd each time it is entered. Then the decrypt will happen inside the interface where the encrypted value will be read and the pswd will be decrypted. The only problem now is the storage of the key. As the code is accessible to IT users, they can easily see what is happening inside the routine and get the pswd. So, the storage of the key is an issue now. We are thinking of storing the key in a file system inaccessible to the users but accessible to the program. But that doesnt sound too secure either. Any suggestions?? On Jan 18, 4:56 pm, David Grenfell <[email protected]> wrote: > I don't know if you found your answer yet, but I still work with 3.4x and > have found that the build in encryption works just fine if you do this. > > to enter in the first place, let the user type in his password, encrypt and > save. > > Whenever the user must use the password, have them type it in, encrypt it > again and see if the encryption matches the saved one. If so, bob's your > uncle. do this way because there is no decryption routine. > > David Grenfell> Date: Sun, 18 Jan 2009 11:59:38 -0800> Subject: Re: > Encryption routine> From: [email protected]> To: > [email protected]> > > There's a lot more here...> > > http://www.iturls.com/english/NetSecurity/Encryption.asp> > Enjoy!> > On Jan > 15, 10:57 pm, Pratosh <[email protected]> wrote:> > Is there any inbuilt core > routine in infobasic which can give me the> > functionality of > Encryption/Decryption?> >> > The requirement is - to encrypt the password > stored for a user in a> > local table; encrypting the password when it is > entered in the field> > and decrypting it when it is read by a routine.> >> > > Thanks> > Pratosh> > > _________________________________________________________________ > Keep in touch and up to date with friends and family. Make the connection > now.http://www.microsoft.com/windows/windowslive/ --~--~---------~--~----~------------~-------~--~----~ Please read the posting guidelines at: http://groups.google.com/group/jBASE/web/Posting%20Guidelines IMPORTANT: Type T24: at the start of the subject line for questions specific to Globus/T24 To post, send email to [email protected] To unsubscribe, send email to [email protected] For more options, visit this group at http://groups.google.com/group/jBASE?hl=en -~----------~----~----~----~------~----~------~--~---
