I have writtem my own custom authentication provider. I am connecting to sql server 2008 to get my users, roles and groups. For connecting to sql server database to get my user information I am reading userid and password from namespace property file which stored in the configuration directory of BIServer. For production we can store database password on flat files.
I could also send hard coded password as a command line parameter in bootstrap_winx64 but again this is not good solution to the problem.
Please give me the idea from where I should send this password to my main namespace JCAP entry class so that it can read and connect to database.
like log.info(" Namespace Password "+System.getProperty("namespace.password"));
NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
This topic has been locked.
1 reply Latest Post - 2012-05-10T20:20:02Z by SystemAdmin
Pinned topic custom authentication provider Password Issue
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2012-05-10T20:20:02Z at 2012-05-10T20:20:02Z by SystemAdmin
SystemAdmin 110000D4XK217 PostsACCEPTED ANSWER
Re: custom authentication provider Password Issue2012-05-10T20:20:02Z in response to SystemAdminThe authentication provider is running in its own application context, deep inside the Cognos call stack. The API tells you what it can see in the environment: cookies, request headers, form fields and various credential call-backs from Cognos.
It seems to me that providing the DB password at run-time could be a security vulnerability. Why not use an encryption scheme so that it is stored on the property file, encrypted? In java code you can do anything but the run-time call-back interface is very well defined.