On Aug 20, 2024, at 9:14 AM, Nair, Dilip <Dilip.Nair@xxxxxxxxxxxxxxx> wrote:
We are currently using AS400 object to validate user profiles and invoke RPG programs from Java.
User and password to create the object is hardcoded in the program.
Looking for ideas on how to secure the password than hardcoding in the program
I’ve never used this technique, but it was something I looked at when I was working on Implementer.
Take a look at profile tokens … IIRC, you can generate it once and reuse it, as long as you use it at least once within its expiration time limit.
https://javadoc.midrange.com/jtopen/com/ibm/as400/access/AS400.html#getProfileToken(java.lang.String,%20char%5B%5D,%20int,%20int)
You can store the token in a serialized form.
This does require that you ask the user for a password once per session though.
Another thing I looked at is using the Windows keystore to get an encryption key.
Something you night want to consider is creating a server job that runs on the host to invoke the application on behalf of the user requesting it. You could use the user profile handle switching api’s to switch users.
You’ll need to implement your own security mechanism to prevent unauthorized use.
david
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.