credentials
2 Topicsself-directed requests fail because of no certificate
Is there a way to whitelist a server so it can make requests from itself without needing to have a certificate? I use the F5 to provided CAC authentication for my site. It's a PHP server. During the setup process for the web application software we run on the server, the setup process needs to learn, test and record it's own URL and the URL of other web applications installed on the same server. These URLs are used later when generating HTML with absolute URL links in it. When the user types a URL in and submits it, the server will then make a request from that URL (where an API is waiting) to make sure it get's a valid response--verifying the URL is correct. This process fails, I'm assuming, because any requests of the server require you to have a CAC/Certificate. As such our software is unable to validate URLs. What can be done about this to allow it to work? Ideally it would be nice if the server was somehow whitelisted so it could make a self-directed request, but is there any other options?47Views0likes1CommentUser for ASM Automated Backup Script
Hi Guys, I have a script that allows me to backup ASM policies in moments, the catch however is that this script requires credentials for a user with Advanced Shell Access. Advanced Shell Access requires Administrative privileges. As a result, this script then creates a security issue even when properly stored and access simply due to the hardcoded credentials in the script. I am aiming to reduce the severity of this issue in one of two ways: - Is it possible to have a user with read only permissions in the portal and advanced shell access on the box? or can I create an API only user? - Alternatively is anyone aware of how I can swap out credentials from my script so that if the script was discovered, credentials would not be identified? Thanks418Views0likes1Comment