How to: |
This section describes how to mask passwords using an AES process.
To mask iBSP passwords using AES:
For example:
_aes(enc, sreg(ibse.aeskey), thepassword)
Cipher text is generated to represent the password, as shown in the following example:
2rLB2FnIBJsea90DdKzHrueET3pGVY+CDA7b3gE3l58=
For example:
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <SOAP-ENV:Header> <m:ibsinfo xmlns:m="urn:schemas-iwaysoftware-com:iwse"> <m:service>IVP</m:service> <m:method>IVP</m:method> <m:license>IVP</m:license> <m:Username>steve</m:Username> <m:Password>AES(2rLB2FnIBJsea90DdKzHrueET3pGVY+CDA7b3gE3l58=)</m:Password> </m:ibsinfo> </SOAP-ENV:Header> ...
The AES(...) surrounding the encrypted password in this example is not an iFL function. It is only markup informing you that the value in the parentheses is encrypted using AES.
iBSP decrypts the password (using the value of the ibse.aeskey register as a key) and uses the result as it would any clear text password.
Note: This technique is useful for masking passwords, but does not provide security against network attacks, such as replay attacks.
iWay Software |