RE: Storing passwords in records/Authenticating IOC with other servers

[Freddie Akeroyd - STFC UKRI via Tech-talk <tech-talk at aps.anl.gov>]

Hi, does something like

 

record(stringout, "MY_RECORD")

{

    field(DTYP, "asynOctetWrite")

    field(OUT, "@asyn( … )")

    field(FLNK, "MY_RECORD_RESET")

}

 

record(stringout, "MY_RECORD_RESET")

{

    field(VAL, "")

    field(OUT, "MY_RECORD NPP")

}

 

Work? The linked “MY_RECORD NPP” should clear the initial record value without processing it again (so not sending a blank password to asyn)

 

Regards,

 

Freddie

 

From: Tech-talk <tech-talk-bounces at aps.anl.gov> On Behalf Of Marco Filho via Tech-talk
Sent: Friday, July 19, 2024 3:55 PM
To: tech-talk at aps.anl.gov
Subject: Storing passwords in records/Authenticating IOC with other servers

 

Hi, all

I am creating an epics ADDriver that needs to communicate and authenticate with another server. The authentication requires a password and a username.
Since I want everything to be as dynamic as possible, I wanted to create a record to use the password to authenticate, but I don't feel comfortable only protecting the record with ASG because it feels like a thin layer of protection.

I tried making an asynOctetWrite record that passes a value to MYDriver::writeOctet() without storing the value passed. In other words: something that would behave like:

caput MY_RECORD PASS
(Function MYDriver::writeOctet gets called with PASS passed as an argument to the function)
caget MY_RECORD
MY_RECORD                          #Shows nothing, nothing is actually stored in the record.

But I could not succeed in making this record only with asyn. The best solution I can think of now is reading the password from a file which again doesn't seem like the optimal solution.

This is probably not a too specific problem, so I'm wondering if there is already any elegant solution for that? Can anyone think of a better approach? Or maybe an already-existing record that does something similar?

Thanks for any suggestions,

Marco