Hi Experts,
I am using Documentum 6.5 and Iam trying to avoid hard-coding the Username and Password info in DFC code.
I want to write the code in general java client (Eclipse).
Can anybody help me how can I do this?
Thanks in advance
Is this for the client side, i.e. accessible to users, or server side, such as a webs ite?
if you can't ask users for the username/password then you should externalise the username/password into an external location, such as a properties file.
You should also look into encrypting the data and for this take a look at the DFC encryption code. this will allow you to have the actual data encrypted. Take a look in the DFC development guide around how the BOF user data is encrypted. This will ensure the credentials are not in plain text but unfortunately they can still be used via other code bases. To get around that you'd have to look into securing the properties file/location containing the username/password. You should be able to find good patterns for this via Google.
When I need a "service" account for a repository I try to do the following:
Hi All,
Can you please tell me that in below code how can I use the encrypted password?
public static IDfSession getDocbaseSession() throws DfException
{ IDfSession session = null; try { IDfClientX clientx = new DfClientX(); IDfClient client = clientx.getLocalClient(); IDfLoginInfo loginInfoObj = clientx.getLoginInfo(); //give Docbase userId and PWD for dev environment String devDocbaseUsername=""; String devDocbasePassword=""; //HERE CAN I USE THE ENCRYPTED PASSWORD? String devDocbaseName=""; loginInfoObj.setUser(devDocbaseUsername); loginInfoObj.setPassword(devDocbasePassword);
// create a session using newSession and give below the docbase name for dev env. session = client.newSession(devDocbaseName, loginInfoObj); if (session.isConnected()) { System.out.println("SolutionToITService:getDocbaseSession() connected to the dev docbase"); } else { System.out.println("SolutionToITService:getDocbaseSession() session is not connected"); } } catch (Exception e) { e.printStackTrace(); } finally
{ if (session != null) session.disconnect(); } return session;
}
Th encrypted password you should get will be prefixed by DM_ENCR_PASS.
The whole of the encrypted password including the prefix is what you send over as the password.
I just need a simple answer of my question that Can I use the encrypted password in my code as shown in bold below???
IDfClientX clientx = new DfClientX();
IDfClient client = clientx.getLocalClient();
IDfLoginInfo loginInfoObj = clientx.getLoginInfo();
//give Docbase userId and PWD for dev environment
String devDocbaseUsername="";
String devDocbasePassword=""; //HERE CAN I USE THE ENCRYPTED PASSWORD?
String devDocbaseName="";
loginInfoObj.setUser(devDocbaseUsername);
loginInfoObj.setPassword(devDocbasePassword);
// create a session using newSession and give below the docbase name for dev env. session = client.newSession(devDocbaseName, loginInfoObj); if (session.isConnected()) { System.out.println("SolutionToITService:getDocbaseSession() connected to the dev docbase"); } else { System.out.println("SolutionToITService:getDocbaseSession() session is not connected"); }
Kindly let me know the answer.
Thought the simple answer had been given. yes the encrypted password can be used as long as you rememebr to include the prefix such that the server knows it is an encrypted password.
Encrypted passwords and the like are discussed in the content server manuals so you might want to check these as well.
