Difference between revisions of "IBM BigFix Secure Parameters"

From RiceFamily Wiki
Jump to: navigation, search
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
* [https://forum.bigfix.com/t/customize-fixlet-for-beginners/21496 Customize Fixlet for Beginners - Secure Parameter question]
+
The problem with using things like Passwords inside Fixlets is that the Fixlet bodies are available to ALL of the computers.  This would mean that if someone knew where to look they could see the password in plain text.
* [https://developer.bigfix.com/relevance/reference/bes-action.html#parameter-string-of-bes-action-string Patemeter String of BES Action String]
+
 
* [https://www.ibm.com/developerworks/community/forums/html/topic?id=56dbb886-ad6f-4777-8f29-678daee29ac6 Encrypt data within a fixlet]
+
The solution to this is to encrypt things like Passwords inside the Fixlet.  The drawback to this technique is that it means that targeting is limited to individual machines.  Targeting based on Properties can't be done because the Secure Parameters are encrypted using the Public Key for each targeted computer, so each action file must be generated individually for each computer at the time of submission of the Action.
 +
 
 +
 
 +
* [https://forum.bigfix.com/t/customize-fixlet-for-beginners/21496 Customize Fixlet for Beginners - Secure Parameter question] - Forum Discussion
 +
* [https://developer.bigfix.com/relevance/reference/bes-action.html#parameter-string-of-bes-action-string Patemeter String of BES Action String] - BigFix Developer Documentation
 +
* https://www.ibm.com/developerworks/community/forums/html/topic?id=56dbb886-ad6f-4777-8f29-678daee29ac6 Encrypt data within a fixlet (bad link?)
 +
* [https://forum.bigfix.com/t/secret-parameter-actions/38847 Bigfix secret parameter] - Forum Discussion
 +
* [https://developer.bigfix.com/action-script/reference/flow-control/action-parameter-query.html Using Parameters in Actions] - BigFix Developer Documentation
  
 
[[Category:IBM BigFix]]
 
[[Category:IBM BigFix]]
 
[[Category:Secure Parameter]]
 
[[Category:Secure Parameter]]

Latest revision as of 17:50, 10 October 2022

The problem with using things like Passwords inside Fixlets is that the Fixlet bodies are available to ALL of the computers. This would mean that if someone knew where to look they could see the password in plain text.

The solution to this is to encrypt things like Passwords inside the Fixlet. The drawback to this technique is that it means that targeting is limited to individual machines. Targeting based on Properties can't be done because the Secure Parameters are encrypted using the Public Key for each targeted computer, so each action file must be generated individually for each computer at the time of submission of the Action.