on 2022 Nov 16 6:46 PM
I've read about the aseuserstore utility at:
help.sap.com/docs/SAP_ASE/2705a3b1e3df4514ab089cfedf87750d/740b5062301c48f4aa739e6c6fb6cd62.html?version=16.0.3.4
But I'm confused about it's advantages.
As I understand it, instead of having to specify a username & password to isql, you can just specify the asestore key (using the isql -k option) that will automatically lookup the username/password and use them.
But in terms of security, what's the difference between having to specify a key and having to specify a password? Ie., don't I have to take all the same precautions to protect the asestore key as I do to protect the ASE password? Ie. if someone steals my password or if someone steals my asestore key, security is broken, right?
So for cron job scripts running isql, however they got the password for isql before, now they have to get the asestore key instead. Not really a big advantage.
Request clarification before answering.
Hi
I guess there are several things:
- Using the password in the command line can be displayed by anyone running in the same box. The username and password can then be easily used to connect to the server.
- The key itself, if captured from the command line, does not give you access to the server unless you also have the file that contains the username/password information. So, as long as this file is protected, the key by itself is useless. If you get both the key and the file stolen, then in fact the security is compromised.
Cheers
Carlos
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
48 | |
6 | |
6 | |
5 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.