• You are here:  
  • Home
  • Q&A
  • Q&A
  • PowerServer
  • prevent logging "Application URL parameter:" in "CloudAppLauncher_V2" logs

Subscribe via RSS
Toggle Submenu
  1. Categories
  2. Recent
  3. Tags
View Replies (2)

Resolved prevent logging "Application URL parameter:" in "CloudAppLauncher_V2" logs

  1. How-to
0
Votes
Undo
  1. Gururaja Udupa
    Gururaja Udupa
  2. PowerServer
  3. Thursday, 9 November 2023 14:54 PM UTC

 

We have one main application and a few child applications, from main application launches child application by sending command-line arguments that contain some user credentials.

Observed that the CloudAppLauncher_V2 log file recorded the command line argument under “Application URL parameter:”. Considering the security, we are not supposed to store any credentials in a system under any file.

How to prevent this info from CloudAppLauncher logs?

Version:

PowerBuilder 2022R2 Build 2819

CloudAppLauncher_V2

Powerserver App hosted on Docker.

 

Thanks,

Gururaja Udupa

Azure App Service Powerserver "Failed to download ...
Cisco Secure AV captures malware during PowerBuild...
Responses (2)
Armeen Mazda @Appeon
Armeen Mazda @Appeon Accepted Answer Pending Moderation
  1. Thursday, 9 November 2023 18:13 PM UTC
  2. PowerServer
  3. # 1

Sounds like you are trying to do SSO. I would recommend watching this Elevate session how to securely implement this.  Your approach doesn't seem secure, or at least not the common way to do this.  https://www.appeon.com/conference/elevate-2022/live?id=363

Comment
Gururaja Udupa
  1. Gururaja Udupa
  2. Friday, 10 November 2023 12:42 PM UTC
Thanks, Chris and Armeen for the quick response.

Currently, our application sends the data in encrypted format. I will go through the Elevate session and check if we need to make any changes to our application.



Thanks,

Gururaja Udupa

  1. Helpful
There are no comments made yet.
Chris Pollach @Appeon
Chris Pollach @Appeon Accepted Answer Pending Moderation
  1. Thursday, 9 November 2023 15:45 PM UTC
  2. PowerServer
  3. # 2

Hi Gururaja ;

Suggestions ...

  1. What about sending the User Credential information as "Encrypted"?
  2. Store the User information in a DB table. Then pass the 2nd App a "Token" that it can use to lookup the user info in the DB table?

HTH

Regards ... Chris

Comment
Gururaja Udupa
  1. Gururaja Udupa
  2. Friday, 10 May 2024 05:35 AM UTC
We started sending user credentials in encrypted format. Also now we modified the code to send the token to the second application.



Thanks,

Gururaja Udupa
  1. Helpful
Chris Pollach @Appeon
  1. Chris Pollach @Appeon
  2. Friday, 10 May 2024 13:51 PM UTC
Awesome! :-)
  1. Helpful
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.