removed
Moderators: chulett, rschirm, roy
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
Easiest way to "recover" a password is to stick a basic routine / before call to write the password parameter to the log file. (i.e. no special job / tool required).
DS has to decrypt it for passing to external stages, so it is only secure before run / passing to DS and not while running. Which is to be expected.
DS has to decrypt it for passing to external stages, so it is only secure before run / passing to DS and not while running. Which is to be expected.
- - - - -
Cranie
Doing the needful.
Cranie
Doing the needful.
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
In fact it almost certainly breaches the licence conditions of the author's Information Server installation (the part about reverse engineering).
I make that statement with no knowledge whatsoever of the tool.
I make that statement with no knowledge whatsoever of the tool.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
-
- Participant
- Posts: 54607
- Joined: Wed Oct 23, 2002 10:52 pm
- Location: Sydney, Australia
- Contact:
That will be interesting to see. AES-128 encryption should be impossible to break in a reasonable amount of time using the kind of hardware that most Information Server sites use.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
This, indeed, is a serious security threat within DataStage and has been adressed at IBM a number of times already. It should not be possible to print encrypted - or rather decrypted - variables to the log. And it should not be too difficult to disallow this by changing the way DataStage-Basic handles variables of this type, especially in functions like DSLogInfo.Cranie wrote:Easiest way to "recover" a password is to stick a basic routine / before call to write the password parameter to the log file. (i.e. no special job / tool required).
"It is not the lucky ones are grateful.
There are the grateful those are happy." Francis Bacon
There are the grateful those are happy." Francis Bacon