UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
Captain
Captain
564 views

How do I send a password securly to remote loader?

Hi!

I want to send a password from the startup policy to the remote loader.

How do I do this in a secure manner? Do I have to encrypt it myself, and decrypt on the other side?

BR

/Thomas

Labels (1)
0 Likes
11 Replies
Captain
Captain

To clarify, the communication is not the problem.
I don't want passwords to be logged in the log-files.
Do I have to encrypt myself to hide the clear-text password in the log? Or is there another way to do it?

BR

/Thomas

0 Likes
Admiral
Admiral

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

In fact, what you do first:

Append XML element, build where the attr will go in the process.  Then set the XML Attribute is-sensitive=true, and then finally add in the password. 

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

+ you can also disable trace for specific commands
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

True. But what is interesting (David G told me he found this a week or three ago) is if you try to Set local variable to that attribute it STILL won't trace out, because the is-sensitive tag persists in some extra cirumstances.  You would have to Strip by xpath, @IS-sensitive to be able to get at it.

 

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

You used to be able to set-local-variable to get the value of a is-sensitive attribute, then trace-message out the variable to see the result. They've blocked that. You have to be more creative now.

 

0 Likes
Admiral
Admiral

As of what version, did they stop that you can trace a password?

 

 

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Unknown. I noticed it with 4.7.3.

 

0 Likes
Admiral
Admiral

Intersting. I've always stuffed it into an LV and then traced that. Which has worked for me. 

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Yeah. Me too. I hadn't needed to do that for quite a while, so when I did and the trace spit out "<--- content supressed --->" for the value of the local variable, I was somewhat surprised.

 

0 Likes
Captain
Captain

I already tried this, but added attributes will still be visible in the log since the complete XML is logged at some trace levels.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.