| Author |
Message
|
| madrox |
 Posted: Thu Feb 18, 2016 8:00 am Post subject: Encrypt / Decrypt clear text with ESQL |
 |
|
Acolyte
Joined: 11 Mar 2015
Posts: 71
|
Hello Everyone,
I would like to know if it possible to encrypt and decrypt plain text using ESQL in IIB Version: 9.0.0.3
Currently we use a SOAP request node to make a webservice call and we pass a user id and password for authentication. This information is stored in a xml file and I use a file read node to read. We would like to encrypt and decrypt the password and not have it as plain text.
| Code: |
<LoginInformation>
<ClientId>XYZ</ClientId>
<UserID>123</UserID>
<RACFId>abcx123</RACFId>
<RACFPassword>factys124</RACFPassword>
</LoginInformation>
|
|
|
| Back to top |
|
 |
| mqjeff |
| Posted: Thu Feb 18, 2016 8:19 am Post subject: Re: Encrypt / Decrypt clear text with ESQL |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| madrox wrote: |
| This information is stored in a xml file and I use a file read node to read. |
That's a terrible idea.
All of the functions that ESQL provides natively are documented in the KC.
If you don't find a function that can encrypt/decrypt, you will have to determine a different method to make those functions available.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Feb 18, 2016 8:30 am Post subject: Re: Encrypt / Decrypt clear text with ESQL |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| madrox wrote: |
| Currently we use a SOAP request node to make a webservice call and we pass a user id and password for authentication. |
That's fair enough.
| madrox wrote: |
| This information is stored in a xml file and I use a file read node to read. |
That's not.
Of all the places to store this kind of static information, how did you come up with that? Why not use the inbuilt IIB facilities?
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| madrox |
| Posted: Thu Feb 18, 2016 8:50 am Post subject: |
|
|
Acolyte
Joined: 11 Mar 2015
Posts: 71
|
| Well, we do not read this file on every request, sorry i was not clear on that. We read this file and store in cache. If the need arises to change the values on the file we refresh the cache and the file read picks up the changes. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Feb 18, 2016 9:11 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| madrox wrote: |
| Well, we do not read this file on every request, sorry i was not clear on that. We read this file and store in cache. If the need arises to change the values on the file we refresh the cache and the file read picks up the changes. |
I stand by all of my previous comments.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Feb 18, 2016 9:21 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
O.K. You'll need to give us much more information before we can be of any real help.
- Are the credentials you seek to encrypt passed in the header or in the payload?
- Are they being passed in encrypted format or clear text?
- Where should they be in encrypted format?
- Is your call made via http or https?
Hope that helps clarify the problem 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| madrox |
| Posted: Thu Feb 18, 2016 9:25 am Post subject: |
|
|
Acolyte
Joined: 11 Mar 2015
Posts: 71
|
| fjb_saper wrote: |
O.K. You'll need to give us much more information before we can be of any real help.
- Are the credentials you seek to encrypt passed in the header or in the payload?
- Are they being passed in encrypted format or clear text?
- Where should they be in encrypted format?
- Is your call made via http or https?
Hope that helps clarify the problem |
1. The credentials are being passed in the request payload
2. They are being passed as clear text
3. We would like to have the password in the xml file encrypted and decrypted before making the web service request
4. call is made via HTTPS |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu Feb 18, 2016 9:33 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| madrox wrote: |
1. The credentials are being passed in the request payload
2. They are being passed as clear text
3. We would like to have the password in the xml file encrypted and decrypted before making the web service request
4. call is made via HTTPS |
Now we're talking. You should probably use a DB with an encrypted field for the password. Some DB's do the encryption/decryption automatically for you.
The caching within the flow then is the same as with your xml file.
Otherwise there are some fine encryption and decryption facilities to be used with Java or .NET
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| madrox |
| Posted: Thu Feb 18, 2016 9:43 am Post subject: |
|
|
Acolyte
Joined: 11 Mar 2015
Posts: 71
|
| madrox wrote: |
Otherwise there are some fine encryption and decryption facilities to be used with Java or .NET
|
But Nothing with ESQL?
I have used a encrypt/decrypt method in Java but wanted to know if there was something similar in ESQL |
|
| Back to top |
|
|
| maurito |
| Posted: Thu Feb 18, 2016 10:42 pm Post subject: |
|
|
Partisan
Joined: 17 Apr 2014
Posts: 358
|
| madrox wrote: |
| madrox wrote: |
Otherwise there are some fine encryption and decryption facilities to be used with Java or .NET
|
But Nothing with ESQL?
I have used a encrypt/decrypt method in Java but wanted to know if there was something similar in ESQL |
You can call a Java function/procedure from you ESQL, but I agree with previous comments, use a DB |
|
| Back to top |
|
|
| mqjeff |
| Posted: Fri Feb 19, 2016 7:12 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| madrox wrote: |
1. The credentials are being passed in the request payload
2. They are being passed as clear text |
  
| madrox wrote: |
| 3. We would like to have the password in the xml file encrypted and decrypted before making the web service request |
Again, all of the ESQL routines and methods and functions and etc. are fully documented. If you haven't seen anything for encrypt/decrypt... well, then there aren't any. You can use Java or .NET, and call those from ESQL (I *believe* you can call .NET these days?)
There used to be a PGP node as a supportPac. Dunno if it still is around or works with modern versions of IIB.
You might be able to use a SecurityPEP node as well.
_________________
chmod -R ugo-wx / |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Feb 19, 2016 7:39 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| mqjeff wrote: |
| madrox wrote: |
1. The credentials are being passed in the request payload
2. They are being passed as clear text |
|
My guess is this is for an outgoing service call (SOAP Request) using SSL and madrox has no choice in the matter. 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
|
|
