For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Eray_27463's avatar
Eray_27463
Icon for Nimbostratus rankNimbostratus
Oct 24, 2007

Passing the credentials to the Load Balancer

Right now this's the way I initialize my F5 functions..   m_interfaces.initialize(LoadBalancerAddress, UserName, Password);     I don't want to hardcode username and password, and I don't wa...
dev
devops
iControl
Joe_Pruitt's avatar
Joe_Pruitt
Oct 29, 2007
Agreed that hard coding is most likely not a good idea. You can either store the creds locally, or prompt the user for the credentials. If your application is going to be spread out among lots of people, then you should create multiple accounts for the end users (not the default admin account) and limit their privileges depending on what the application does (read-only vs. read-write). Also, I would make sure that that user doesn't have console privileges.

 

 

It's really a chicken and egg problem. You don't want the users to have login credentials but you need credentials to login to the device.

 

 

Another option could be to build a secured webservice if your your own that your app calls to request credentials. That way the app never has the credentials hard coded and the credentials are secured everywhere in the chain.

 

 

Good luck!

 

 

-Joe