Security Functions

Security functions are available to test the state of the current user. When a user logs on, usually through an Authentication Provider, the current user's authority is encapsulated in a Principal, which identifies the user and the roles (authorities) that the user possesses. For example, an administrative user has the role admin as standard, but role names are related to the services available to the user when that user logs on. Roles are assigned by the security system (Authentication Realm Providers) based on information stored about the user in the appropriate information stores.


_hasrole(): Is this Authority Available
_hasrole(name)

name

string

The name of an authority to be tested.

The current Principal is tested for the named authority. If the user represented by this Principal has the identified authority, the function returns true.



_getprin(): Get Information from this Principal
_getprin(keyword)

keyword

string

The keyword identifying the information to be obtained.

user. User name

password. User's password

The information associated with the current Principal is returned. A common use of this information is to configure an emitter that inherits the login credentials of the current user.

This function returns 'auto' when the principals are not configured on the server and the default user is used. Otherwise, the principal on the channel is returned.



_encr(): Encrypt the Value
_encr(value)

value

string

Term to encrypt

iWay uses a simple cryptographic mechanism to mask passwords stored in its configuration files. The algorithm employs random seeds and salting when generating the encrypted result. The result is marked with “functional” braces for recognition by the internal decryption services when the value needs to be used.

iWay strongly recommends that this function not be used to protect values in business systems; facilities to use validated PKI and session key cryptography are readily available for this purpose. The use of this function should be restricted to password masking and similar purposes.

_encr('iway')
ENCR(3157318131043128321832252993249)


_md5(): Generate an MD5 Hash
_md5(term [,term*])

term

string

A value to be added to the hash.

In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. MD5 conforms to an Internet standard (RFC 1321). It has been employed in a wide variety of security applications and is also commonly used to check the integrity of files. An MD5 hash is typically expressed as a 32-digit hexadecimal number. Unlike functions such as _uuid() that generate unique numbers, an MD5 hash produces the same value given identical input. The iWay functional language enables generation of an MD5 hash from one to nine terms.

_md5('username','realm','password')

returns

66999343281B2624585FD58CC9D36DFC

A standard use of MD5 is in digest authorization in HTTP. In this case the username, password, a realm name and a set of "random" values called nonces are used to generate the hash.

Commonly in iWay it is useful to add a hash value to a message or to check it on receipt. The _md5 function can help with this requirement.
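The digest use described above, and the check of a hash on receipt, as an added Python example (not iWay code and not part of the original documentation). The function names are hypothetical, and joining terms with ':' is the RFC 2617 convention for HTTP digest, not a statement of how _md5() combines its terms.

```python
import hashlib
import hmac


def md5_hex(*terms: str) -> str:
    """MD5 over the terms joined with ':' (RFC 2617 convention, an assumption here)."""
    return hashlib.md5(":".join(terms).encode("utf-8")).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """Compute the 'response' value carried in an HTTP Digest Authorization header."""
    ha1 = md5_hex(user, realm, password)  # hash that depends on the credentials
    ha2 = md5_hex(method, uri)            # hash that depends on the request
    # The nonces tie the result to one exchange, so a captured value cannot be reused.
    return md5_hex(ha1, nonce, nc, cnonce, qop, ha2)


def verify_response(received: str, expected: str) -> bool:
    """Check a hash on receipt: hex case is ignored, comparison is constant-time."""
    return hmac.compare_digest(received.lower().encode(), expected.lower().encode())


# Constructed sample input: the worked example values from RFC 2617, section 3.5.
RFC2617_SAMPLE = dict(
    user="Mufasa",
    realm="testrealm@host.com",
    password="Circle Of Life",
    method="GET",
    uri="/dir/index.html",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
    nc="00000001",
    cnonce="0a4f113b",
)

if __name__ == "__main__":
    expected = digest_response(**RFC2617_SAMPLE)
    print("response:", expected)
    # A sender that emits upper-case hex, as _md5() does, still verifies.
    print("upper-case accepted:", verify_response(expected.upper(), expected))
    # The same credentials with a different server nonce give a different response.
    replayed = digest_response(**{**RFC2617_SAMPLE, "nonce": "0000"})
    print("other nonce accepted:", verify_response(replayed, expected))
```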



_sha1(): Generate a SHA1 Hash
_sha1(term [,term*])

term

string

Term to include in the SHA1 computation.

SHA1 (Secure Hash Algorithm 1) is a cryptographic hash function designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard.

Although some concern has been raised about the absolute cryptographic security of the SHA1 algorithm, it remains a commonly used hash for securing the value of data.

For example:

_sha1('name','digest','password','1234567')

The following is returned:

95e760b78aaa4ccca9ac94b8815e753674bafaa7

iWay Software