Difference between revisions of "IBM BigFix Secure Parameters"
From RiceFamily Wiki
Line 1: | Line 1: | ||
+ | The problem with using things like Passwords inside Fixlets is that the Fixlet bodies are available to ALL of the computers. This would mean that if someone knew where to look they could see the password in plain text. | ||
+ | |||
+ | The solution to this is to encrypt things like Passwords inside the Fixlet. The drawback to this technique is that it means that targeting is limited to individual machines. Targeting based on Properties can't be done because the Secure Parameters are encrypted using the Public Key for each targeted computer, so each action file must be generated individually for each computer at the time of submission of the Action. | ||
+ | |||
+ | |||
* [https://forum.bigfix.com/t/customize-fixlet-for-beginners/21496 Customize Fixlet for Beginners - Secure Parameter question] | * [https://forum.bigfix.com/t/customize-fixlet-for-beginners/21496 Customize Fixlet for Beginners - Secure Parameter question] | ||
* [https://developer.bigfix.com/relevance/reference/bes-action.html#parameter-string-of-bes-action-string Patemeter String of BES Action String] | * [https://developer.bigfix.com/relevance/reference/bes-action.html#parameter-string-of-bes-action-string Patemeter String of BES Action String] |
Revision as of 02:29, 29 May 2017
The problem with using things like Passwords inside Fixlets is that the Fixlet bodies are available to ALL of the computers. This would mean that if someone knew where to look they could see the password in plain text.
The solution to this is to encrypt things like Passwords inside the Fixlet. The drawback to this technique is that it means that targeting is limited to individual machines. Targeting based on Properties can't be done because the Secure Parameters are encrypted using the Public Key for each targeted computer, so each action file must be generated individually for each computer at the time of submission of the Action.