storage of usernames, passwords in plain Cache systems 2017.2 version

Primary tabs

I need to automate the handling of usernames passwords, serverNames etc for use in the sending and receiving  of emails, logging into SFTP servers etc etc for use within COS code
To manage external passwords we could use LastPass or any other proprietary password loggers, but I need to be able to call them as part of the automation (COS code) and occasionally visually look them up to "remind" the staff of their passwords.

any suggestions as to the best class data constructs to handle this scenario. Should the whole table be encrypted, only the passwords etc.

each employee has their own login details, past password storage (non-re-use)  could be useful.

we're talking of 200-300+ passwords here.

kevin

  • 0
  • 0
  • 228
  • 7
  • 2

Answers

1.You can use Parent-Child Relationships.

The parent Persistent Class would be MyPackage.Users  with all details for the users including current password.

The Child class MyPackage.Passwords will be for all  the  passwords(If you want you can include property IsCurrentPwd As %Boolean).

Something similar to Invoice an LineItems. 

2.If you prefer to work  directly with globals could be:

^MYUSERS("usr")=UserCode@UserName@CurrentPassword@.......

^MYUSERS("usr","pwd")=Password@IsCurrentPwd@

3.One way for Encription-In your Zen Page you need property

Parameter PASSWORDPATTERN = "3.32ANP";
 

ClassMethod %OnSubmit(pSubmit As %ZEN.Submit, ByRef pValues As %String) As %Status
{
if (pSubmit.%Action="save"){
set userName = pSubmit.%GetValue("userName")

set UserPassword = $SYSTEM.Encryption.SHA1Hash(pSubmit.%GetValue("pwd"))

......

quit $$$OK

}

Even if you store the current password encrypted, consider storing just the hashes for old passwords. You might use $system.Encryption.PBKDF2() for this purpose, perhaps with fewer iterations than you'd otherwise use for a live password.

Do not store passwords.

Store password hashes + Unique salt. When entered hash

Check $system.Encryption class for various hashing algorithms.

The only case where you need to store passwords is when they are used to authenticate Cache server against external systems.

In that case use the same $system.Encryption class to encrypt them for storage.

we're talking of 200-300+ passwords here.

Per user?

no, no.

just 2-300 users, each with a few passwords. I just want to be able to store the safely, use them within objectScript and then look them up to see what the actual password was so that I can reset their devices etc when they c one in for repair/upgrades etc.

kev

Eduard.

Thanks for the answer,

where do you store the unique salt ? in a macro ? I need this so that I can automatically log into the email server as a single user to send the email as though they sent it.

it's got to be stored somewhere

You can store salt in the same table, it should just be unique (autogenerated) for each password.

There's a good explanation why that's enough, here.

Comments

I want to make it clear (from the title) that I have just "plain Cache@ ie not ensemble, iris etc. My intention is to use encryption and only store encrypted values,  never ever plain text