  • Latest Post - ‏2012-05-10T20:20:02Z by SystemAdmin
SystemAdmin

Pinned topic custom authentication provider Password Issue

‏2012-05-10T19:43:45Z |
Hi,

I have written my own custom authentication provider. I am connecting to SQL Server 2008 to get my users, roles and groups. For connecting to the SQL Server database to get my user information, I am reading the userid and password from the namespace property file, which is stored in the configuration directory of BIServer. For production we can store database password on flat files.

I could also send a hard-coded password as a command line parameter in bootstrap_winx64, but again this is not a good solution to the problem.

<param>"-Dnamespace.password=blahblah!"</param>

Please give me the idea from where I should send this password to my main namespace JCAP entry class so that it can read and connect to database.

like log.info(" Namespace Password "+System.getProperty("namespace.password"));
Updated on 2012-05-10T20:20:02Z at 2012-05-10T20:20:02Z by SystemAdmin
  • SystemAdmin

    Re: custom authentication provider Password Issue

    ‏2012-05-10T20:20:02Z  
    The authentication provider is running in its own application context, deep inside the Cognos call stack. The API tells you what it can see in the environment: cookies, request headers, form fields and various credential call-backs from Cognos.

    It seems to me that providing the DB password at run-time could be a security vulnerability. Why not use an encryption scheme so that it is stored in the property file, encrypted? In Java code you can do anything, but the run-time call-back interface is very well defined.
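
Added example, not part of the thread and not code from either poster: one way to keep the database password encrypted in the property file, using AES-GCM from the standard Java library. The class name, the property name namespace.password.enc and the key handling are assumptions; the key has to live somewhere other than the property file (a key file or keystore readable only by the service account), otherwise the encryption protects nothing.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class NamespacePasswordStore {            // hypothetical helper class
    private static final int IV_LEN = 12;        // bytes, standard GCM nonce size
    private static final int TAG_BITS = 128;     // authentication tag length

    // Encrypts the password; the stored value is base64(iv || ciphertext || tag).
    static String encrypt(byte[] key, String password) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);        // fresh nonce for every encryption
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Decrypts a stored value; throws AEADBadTagException if the value was altered
    // or the wrong key is used, so a tampered property file fails closed.
    static char[] decrypt(byte[] key, String stored) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        byte[] pt = c.doFinal(in, IV_LEN, in.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8).toCharArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key. In a deployment, load the 32 bytes from a key file or
        // keystore kept outside the configuration directory (assumption).
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);
        // Stand-in for the namespace property file; the property name is hypothetical.
        Properties props = new Properties();
        props.setProperty("namespace.password.enc", encrypt(key, "constructed-sample-password"));
        char[] password = decrypt(key, props.getProperty("namespace.password.enc"));
        // Hand the password to the JDBC connection here; never write it to the log.
        System.out.println("decrypted " + password.length + " characters");
        Arrays.fill(password, '\0');             // clear the plaintext after use
    }
}
```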