Forum Discussion

David_Murphy_22's avatar
David_Murphy_22
Icon for Nimbostratus rankNimbostratus
May 17, 2007

iControl Perl SOAP - security

If someone could point me to existing documentation and/or forum posts I would very much appreciate the help:

 

 

So far we have been executing iControl Perl scripts from a command line string that includes a clear-text username/password. I'm hoping that there is a more secure method. In the long run, we would prefer limiting the execution of some of our iControl scripts to certain systems only without using username/password type authentication; is there an existing and somewhat straightforward methodology to enhance iControl security?

 

 

dev
devops
iControl

1 Reply

Sort By
  • Joe_Pruitt's avatar
    Joe_Pruitt
    May 17, 2007
    iControl is inherently secure. We support HTTP Basic Auth over SSL, so the credentials are secure from the perl script to the BIG-IP. Unfortunately until the username/password are passed into the iControl calls, it is beyond the security of iControl and into the security of your application. I've heard of users storing username/passwords in a database and using a front level authentication within their applications to restrict which credentials are extracted from the db. Since each users runtime environment is a bit different, it's hard to suggest a single way to secure passwords. You could implement a prompt in your script that allows for character masking when the user is prompted for passwords, but this makes scripting difficult as it requires user intervention.

     

     

    Good luck and any tips you come up with I'm sure others out there would benefit from.

     

     

    -Joe