Anonymous_User Absent Member.
Absent Member.
456 views

Copy Credentials only copies one character ?


Hi,

I have created a application using the Generic Wizard in 7.03 for a web
page login. The idea is that we can dsitribute this definition so users
do NOT get the credentials (the website is a megadollar subscription).

This works beatifully for the account the definition was created on.

I then copy the Application and Credentials using iManager 2.7.6 with
SecureLogin plugin 7.0.3.20130129 but the resulting copy has only 1
character of the password copied. The Login name is complete though.

If I then edit the SecureLogin configuration for the "target" user in
iManager to re-enter the correct password - it is stored properly and
works.

So it seems that the Copy process for Credentials is not working
correctly even though it says "copy completed successfully". SecureLogin
is running against eDirectory in our case.

Is this a known issue ?

Does anyone use this process successfully and if so what version plug-in
are you running ?

Regards
Ian Blackwood


--
iblackwood
------------------------------------------------------------------------
iblackwood's Profile: https://forums.netiq.com/member.php?userid=4017
View this thread: https://forums.netiq.com/showthread.php?t=47613

0 Likes
3 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Copy Credentials only copies one character ?

> I have created a application using the Generic Wizard in 7.03 for a web
> page login. The idea is that we can dsitribute this definition so users
> do NOT get the credentials (the website is a megadollar subscription).


Just to be sure this is clear, if somebody has SecureLogin on their
computer and SecureLogin passes data to another application, even behind
the asterisks of a password field, there is no way in the world you can
hope to guarantee that the user cannot get access to the data behind those
asterisks. If that is your goal, you're wasting time. There are too many
trivial ways to get data out of applications. As is always the case,
physical access means 'root' access, so if SecureLogin is installed on a
machine where the user can reconfigure the browser to go through a proxy,
or add a plugin/add-on to capture HTTP headers, they'll get the password.
For this reason each user should have their own credentials, so that on
the server side those credentials can be controlled.

Good luck.
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Copy Credentials only copies one character ?


I am aware that this is by no means secure against someone wanting to
sniff the credentials.

However, this removes the need to write it on a post it note, or put it
in an easily shared email.

The website will not issue an account per user - not that this would
make it more secure. We work with what we have.

Access Manager would be a better solution but we don't have it.

An RTFM later and I can state that "copy credentials" does not copy the
password. Apparently WAD.

So I have to enter the password for each object I copy the application
to.

Cheers
Ian


--
iblackwood
------------------------------------------------------------------------
iblackwood's Profile: https://forums.netiq.com/member.php?userid=4017
View this thread: https://forums.netiq.com/showthread.php?t=47613

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Copy Credentials only copies one character ?

Ian,

A few years ago at a BrainShare I was discussing this with some of the
old Protocom people and we thought that you may be able to define the
ID/Password pair against the container (in the same manner as the
corporate scripts) and that this would then flow down to all fo the
relevant users. You would potentially need to find some other way of
limiting access to the web site (group membership, attribute information
or something similar).

As an alternative you could use SLAPTOOL or push the ID/Password into
the relevant user by LDAP or IDM. This would allow for the specific
user to receive the information while other users do not.

Dave

On 24/04/2013 01:34, iblackwood wrote:
>
> I am aware that this is by no means secure against someone wanting to
> sniff the credentials.
>
> However, this removes the need to write it on a post it note, or put it
> in an easily shared email.
>
> The website will not issue an account per user - not that this would
> make it more secure. We work with what we have.
>
> Access Manager would be a better solution but we don't have it.
>
> An RTFM later and I can state that "copy credentials" does not copy the
> password. Apparently WAD.
>
> So I have to enter the password for each object I copy the application
> to.
>
> Cheers
> Ian
>
>

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.