Community
Select to view content in your preferred language

Arcpy Stop Services: need to hard code password??

3829
5
Jump to solution
12-17-2014 02:05 PM
847396730
by
Occasional Contributor III
‎12-17-2014 02:05 PM

I need to stop our ArcGIS Server web map services nightly, just before a scripted compression.  Reading the ArcGIS Server Administrator API documentation, it appears I would need to hard code the credentials of a user in the Publisher role in order to do it.  This is contrary to standard security protocols, and I am hoping someone might suggest an alternative or explain that I am mistaken in my understanding.

Thanks!

0 Kudos
1 Solution

Accepted Solutions
AndyOmmen
by Esri Contributor
Esri Contributor
‎12-18-2014 01:06 PM

Hi Marianne,

What you read is correct, the credentials need to either be hardcoded in a variable or you can use the getpass method that Xander suggested but then you won't be able to automate. If you run the script from a local workstation within a non-shared folder that only you or a system admin could access, would that still violate your security protocols? I'm assuming you'll be running this script behind a firewall?

Anytime you pass credentials into an automated script there will be some risk involved. I've worked with users in the past that take measures to protect the actual script file by putting it on a local folder with limited access. There are ways to encode the credentials within the script itself but the username/password are still exposed if opened. This probably isn't the answer you are looking for but I hope it helps.

Thanks

Andy

View solution in original post

5 Replies
XanderBakker
by Esri Esteemed Contributor
Esri Esteemed Contributor
‎12-17-2014 03:27 PM

if you look at this example: ArcGIS Help 10.1 or ArcGIS Help (10.2, 10.2.1, and 10.2.2)  you can see that getpass is used to ask for the password.

0 Kudos
847396730
by
Occasional Contributor III
‎12-18-2014 11:56 AM

But getpass prompts for credentials, yes?  And this process needs to be a nightly, automated process.

0 Kudos
AndyOmmen
by Esri Contributor
Esri Contributor
‎12-18-2014 01:06 PM

Hi Marianne,

What you read is correct, the credentials need to either be hardcoded in a variable or you can use the getpass method that Xander suggested but then you won't be able to automate. If you run the script from a local workstation within a non-shared folder that only you or a system admin could access, would that still violate your security protocols? I'm assuming you'll be running this script behind a firewall?

Anytime you pass credentials into an automated script there will be some risk involved. I've worked with users in the past that take measures to protect the actual script file by putting it on a local folder with limited access. There are ways to encode the credentials within the script itself but the username/password are still exposed if opened. This probably isn't the answer you are looking for but I hope it helps.

Thanks

Andy

847396730
by
Occasional Contributor III
‎12-18-2014 01:12 PM

Interesting, thanks!  This is the information I was looking for.  Typically, I would not run the script from a local workstation, but I can and likely will in this case.  Is there no way to call an ArcGIS Server connection file to perform the work?

0 Kudos
XanderBakker
by Esri Esteemed Contributor
Esri Esteemed Contributor
‎12-18-2014 04:11 PM

That is a good suggestion (+1 for that). The alternative would be to use:

How do i decrypt using hashlib in python? - Stack Overflow

or

simple-crypt 3.0.2 : Python Package Index

But then you would still store the encrypted password in a config file (which you can read with ConfigParser) and anyone with access to the code could still decrypt it...