What is the best way to pass username and password in documentum

Hi All,

Suppose I have a requirement where I want to create a session in a component with a username and password other than the user who has logged into the application and launched the component.

One of the possible solutions is to use .properties file and then use it in my code.But still my sensitive password will be exposed. So is there any othe safer mechanism?

Find more posts tagged with

Comments

DCTM_Guru

You can encrypt your password in the properties file using the encryption utility located on the Content Server and then decrypt prior to creating the session. This doesnt prevent someone else from using it within Documentum, but it does the user from knowing the real password outside of Documentum.

tejrajs

If your requirement is just to perform some processing/business logic using another user session, you can invoke server methos where in you can use super user session to create session of any user user (using login ticket) and then can execute/perform your business logic there.

other option is extension to Johnny suggestion, in case if your requirement leads you to store mulitple user's password in properties file, I would suggest you to store super user encrypted password in property file and use it to get any user session in you component. this way you just need to store only one password.

Hartmut_Clausen

If your application has access to a superuser session, you can create login tickets, which can be used as temporary passwords.

DocBuilder

I have come across two methods and they are these.

Through DFC code:

String encPasswd = RegistryPasswordUtils.encrypt(<passwd>);
String passwd = RegistryPasswordUtils.decrypt(encPasswd):

Through API:

encrypttext,c,<text to encrypt here>

decrypttext, c,DM_ENCR_ TEXT=<Encrypted password here>

Can I get some more idea about the encrytion and decryption utility on the content server?

I came across a file dm_encrypt_password.exe on the Content server system.How should I use this?

Hartmut_Clausen

The "encrytption" of DFC is more a masking rather than an encryption. As you already noticed there is also a decrypt() method that can be called by everyone without having a key or something similar. It is almost as insecure as ROT13 http://en.wikipedia.org/wiki/ROT13

You should think about the following topics:

Who (code and/or humans) will have access to the encrypted file
What can be accessed whith the password

If the properties file can only be accessed by administrators that already know the password, you can also store it as plain text. On the other hand if the file can be read on a public network and can be used to access secret documents you should use a very strong protection.

The dm_encrypt_password.exe can be used only in conjunction with the aek.key on the content server. There it is used to encrypt the dbpasswd.txt for the database password and other passwords stored on the content server. I don't think that fits your purposes.

Anurag

I suggest option of creating a registered table instead of properties file and store encrypted password in your registered table. try to apply your own encrption or decryption logic in private class file so that its just you and your code knows how to utilize this.

Problem with storing this username/password is that anyone who has access to your file system becomes aware of this but in case of registered table/database only authorized users will have access to.

I hope this helps.