I need to stop our ArcGIS Server web map services nightly, just before a scripted compression. Reading the ArcGIS Server Administrator API documentation, it appears I would need to hard code the credentials of a user in the Publisher role in order to do it. This is contrary to standard security protocols, and I am hoping someone might suggest an alternative or explain that I am mistaken in my understanding.
Thanks!
Solved! Go to Solution.
Hi Marianne,
What you read is correct, the credentials need to either be hardcoded in a variable or you can use the getpass method that Xander suggested but then you won't be able to automate. If you run the script from a local workstation within a non-shared folder that only you or a system admin could access, would that still violate your security protocols? I'm assuming you'll be running this script behind a firewall?
Anytime you pass credentials into an automated script there will be some risk involved. I've worked with users in the past that take measures to protect the actual script file by putting it on a local folder with limited access. There are ways to encode the credentials within the script itself but the username/password are still exposed if opened. This probably isn't the answer you are looking for but I hope it helps.
Thanks
Andy
if you look at this example: ArcGIS Help 10.1 or ArcGIS Help (10.2, 10.2.1, and 10.2.2) you can see that getpass is used to ask for the password.
But getpass prompts for credentials, yes? And this process needs to be a nightly, automated process.
Hi Marianne,
What you read is correct, the credentials need to either be hardcoded in a variable or you can use the getpass method that Xander suggested but then you won't be able to automate. If you run the script from a local workstation within a non-shared folder that only you or a system admin could access, would that still violate your security protocols? I'm assuming you'll be running this script behind a firewall?
Anytime you pass credentials into an automated script there will be some risk involved. I've worked with users in the past that take measures to protect the actual script file by putting it on a local folder with limited access. There are ways to encode the credentials within the script itself but the username/password are still exposed if opened. This probably isn't the answer you are looking for but I hope it helps.
Thanks
Andy
Interesting, thanks! This is the information I was looking for. Typically, I would not run the script from a local workstation, but I can and likely will in this case. Is there no way to call an ArcGIS Server connection file to perform the work?
That is a good suggestion (+1 for that). The alternative would be to use:
How do i decrypt using hashlib in python? - Stack Overflow
or
simple-crypt 3.0.2 : Python Package Index
But then you would still store the encrypted password in a config file (which you can read with ConfigParser) and anyone with access to the code could still decrypt it...