Description


Solution 1: Extend the functionality of the pathscrambler to include the SOP_PARAMS and SERVICES_EXEC, so the values in the euser, epass, puser and ppass parameters aren\'t human-readable in the asn anymore. Solution 2: Add the possibility to define a webservice connection as a path, so the connection string can be - scrambled - entered in proc with the \'open\' statement - for local web services add integrated security functionality (like in MSS driver).

Use Case


It is not secure to store unscrambled usernames and passwords in configuration files. Solution 1: - Add the SOP_PARAMS or $SOP [Services_exec] entries in the application asn. - execute the pathscrambler tool for the asn - distribute the scrambled asn as usual. Solution 2: - Add Path for each web service in PATHS in ASN. - link signature to path in SERVICES_EXEC in ASN.

Importance


Security

Type


Webservices

Operating System


Not Applicable

Status


Open

0 thoughts on “Secure username/passwords in SOAP_PARAMS”

Leave a Reply