• 1 reply
  • Latest Post - ‏2012-05-10T20:20:02Z by SystemAdmin
217 Posts

Pinned topic custom authentication provider Password Issue

‏2012-05-10T19:43:45Z |

I have writtem my own custom authentication provider. I am connecting to sql server 2008 to get my users, roles and groups. For connecting to sql server database to get my user information I am reading userid and password from namespace property file which stored in the configuration directory of BIServer. For production we can store database password on flat files.

I could also send hard coded password as a command line parameter in bootstrap_winx64 but again this is not good solution to the problem.


Please give me the idea from where I should send this password to my main namespace JCAP entry class so that it can read and connect to database.

like" Namespace Password "+System.getProperty("namespace.password"));
Updated on 2012-05-10T20:20:02Z at 2012-05-10T20:20:02Z by SystemAdmin
  • SystemAdmin
    217 Posts

    Re: custom authentication provider Password Issue

    The authentication provider is running in its own application context, deep inside the Cognos call stack. The API tells you what it can see in the environment: cookies, request headers, form fields and various credential call-backs from Cognos.

    It seems to me that providing the DB password at run-time could be a security vulnerability. Why not use an encryption scheme so that it is stored on the property file, encrypted? In java code you can do anything but the run-time call-back interface is very well defined.