Reputation: 183
MobileFirst Encryption / decryption user credentials
I have two questions :
1- Does the MobileFirst ver 7.1.0 provides encrypt functionality on the client side and decryption on the server side?
2- I need to pass username/pswd to the database through an adapter call. From client when I call adapter and pass these credentials it goes as a query string. How can I hide these while send it to server-side adapter?
Upvotes: 0
Views: 87
Answers (1)
Reputation: 7965
Does every mobile user have his/her own username password for the database? If so this is not ideal design. The database credentials must be held in the adapter's xml and the user must be authenticated to MobileFirst using security tests and login & authentication modules.
If you still go by your original design, you can use Java adapters to accept credentials from the user through the payload of the call rather than query parameters. See https://www.ibm.com/support/knowledgecenter/SSHS8R_7.1.0/com.ibm.worklight.dev.doc/devref/t_impl_java_adapter_JAXRS.html
Having done this, make all your calls over HTTPS for the traffic to be encrypted during transit.
Upvotes: 0
Related Questions
- IBM MobileFirst Platform Studio SQL Adapter User Password in Encrypted format
- API for Encryption(Client) and Decryption(Server/Adapter) in Worklight
- Client Certificate Authentication and User Enrollment
- IBM Worklight encrypt and compact
- Worklight Adapter based auth - Direct login
- IBM Worklight. Is it possible to store user credentials securely and recover them without user interacton?
- Login Authentication In IBM Worklight
- login authentication in worklight
- IBM Worklight 6.0.0.1 - Application Authentication
- IBM Worklight 5.0.6 - Encrypt worklight.properties