• You are here:  
  • Home
  • Q&A
  • Q&A
  • PowerServer
  • prevent logging "Application URL parameter:" in "CloudAppLauncher_V2" logs

Subscribe via RSS
Toggle Submenu
  1. Categories
  2. Recent
  3. Tags
View Replies (2)

Resolved prevent logging "Application URL parameter:" in "CloudAppLauncher_V2" logs

  1. How-to
0
Votes
Undo
  1. Gururaja Udupa
    Gururaja Udupa
  2. PowerServer
  3. Thursday, 9 November 2023 14:54 PM UTC

 

We have one main application and a few child applications, from main application launches child application by sending command-line arguments that contain some user credentials.

Observed that the CloudAppLauncher_V2 log file recorded the command line argument under “Application URL parameter:”. Considering the security, we are not supposed to store any credentials in a system under any file.

How to prevent this info from CloudAppLauncher logs?

Version:

PowerBuilder 2022R2 Build 2819

CloudAppLauncher_V2

Powerserver App hosted on Docker.

 

Thanks,

Gururaja Udupa

Azure App Service Powerserver "Failed to download ...
Cisco Secure AV captures malware during PowerBuild...
Responses (2)
Chris Pollach @Appeon
Chris Pollach @Appeon Accepted Answer Pending Moderation
  1. Thursday, 9 November 2023 15:45 PM UTC
  2. PowerServer
  3. # 1

Hi Gururaja ;

Suggestions ...

  1. What about sending the User Credential information as "Encrypted"?
  2. Store the User information in a DB table. Then pass the 2nd App a "Token" that it can use to lookup the user info in the DB table?

HTH

Regards ... Chris

Comment
Gururaja Udupa
  1. Gururaja Udupa
  2. Friday, 10 May 2024 05:35 AM UTC
We started sending user credentials in encrypted format. Also now we modified the code to send the token to the second application.



Thanks,

Gururaja Udupa
  1. Helpful
Chris Pollach @Appeon
  1. Chris Pollach @Appeon
  2. Friday, 10 May 2024 13:51 PM UTC
Awesome! :-)
  1. Helpful
There are no comments made yet.
Armeen Mazda @Appeon
Armeen Mazda @Appeon Accepted Answer Pending Moderation
  1. Thursday, 9 November 2023 18:13 PM UTC
  2. PowerServer
  3. # 2

Sounds like you are trying to do SSO. I would recommend watching this Elevate session how to securely implement this.  Your approach doesn't seem secure, or at least not the common way to do this.  https://www.appeon.com/conference/elevate-2022/live?id=363

Comment
Gururaja Udupa
  1. Gururaja Udupa
  2. Friday, 10 November 2023 12:42 PM UTC
Thanks, Chris and Armeen for the quick response.

Currently, our application sends the data in encrypted format. I will go through the Elevate session and check if we need to make any changes to our application.



Thanks,

Gururaja Udupa

  1. Helpful
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.