Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
1 reply Latest Post - ‏2012-05-10T20:20:02Z by SystemAdmin
SystemAdmin
SystemAdmin
217 Posts
ACCEPTED ANSWER

Pinned topic custom authentication provider Password Issue

‏2012-05-10T19:43:45Z |
Hi,

I have writtem my own custom authentication provider. I am connecting to sql server 2008 to get my users, roles and groups. For connecting to sql server database to get my user information I am reading userid and password from namespace property file which stored in the configuration directory of BIServer. For production we can store database password on flat files.

I could also send hard coded password as a command line parameter in bootstrap_winx64 but again this is not good solution to the problem.

<param>"-Dnamespace.password=blahblah!"</param>

Please give me the idea from where I should send this password to my main namespace JCAP entry class so that it can read and connect to database.

like log.info(" Namespace Password "+System.getProperty("namespace.password"));
Updated on 2012-05-10T20:20:02Z at 2012-05-10T20:20:02Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    217 Posts
    ACCEPTED ANSWER

    Re: custom authentication provider Password Issue

    ‏2012-05-10T20:20:02Z  in response to SystemAdmin
    The authentication provider is running in its own application context, deep inside the Cognos call stack. The API tells you what it can see in the environment: cookies, request headers, form fields and various credential call-backs from Cognos.

    It seems to me that providing the DB password at run-time could be a security vulnerability. Why not use an encryption scheme so that it is stored on the property file, encrypted? In java code you can do anything but the run-time call-back interface is very well defined.