PDA

View Full Version : Database connection to AS400



ngyukkwan
08-30-2007, 05:49 AM
Hi everyone out there,
I have been using the database input and output steps with connetion to AS400 through JDBC withouout any problems.
For the user ID and password, I just simply Hard-coded within the connection setting.
However, recently I need to think about security concerns and testing with the user ID and password left blank in the connection setting.

As I try to run the transformation in spoon or pan, I will get the Signon dialog to prompt me for the userid and password.
This dialog seems not working at all! I wonder if this is part of Kettle, or part of JT400??

Does anyone out there know of any answers??

Thanks in advance,
Alex

sboden
08-30-2007, 06:16 AM
The dialog is not in Kettle... pretty sure.

For security reasons... use variables for userid and password.

Regards,
Sven

ngyukkwan
08-30-2007, 06:28 AM
Thanks for your quick reply, Sven!
Your suggestion to use variable, could you explain?
So far, I know I can set variables in kettle.properties to define my database connection userid and password, but the method still post security problems since anyone who can access the machine will have chance to discover the password...
Any suggestions?
Thanks,
Alex

sboden
08-30-2007, 06:57 AM
Security is always going to be a "problem".

PDI needs to know the user-id and password to logon to its connections. So the person who has access to PDI on the system you run it from will always have access to the userid and password. You can try to encrypt/obfuscate as is done now with the passwords, but if you have someone who's willing to spend some time on it he will be able revert it.

One other possible solution would be to use JNDI to get at the connections, but then the person with administrator JNDI access will see your userid and password... and JNDI access in PDI still has some small problems currently.

What most people seem to do is to have a userid with limited access. That userid/user owns private files containing userid and passwords. And if you forget about root/administrator access for a while your security is relatively fine.

Regards,
Sven