Thanks David. Sadly, for us, it uses basic auth and the base64 encoded token is as good as a password. Our auditors would make life difficult.
> -----Original Message-----
> From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of David Crayford
> Sent: Friday, July 24, 2020 13:33 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: cURL and security
>
> Use tokens
> https://developer.atlassian.com/cloud/jira/platform/basic-auth-for-rest-apis/
>
> On 2020-07-24 11:21 AM, Luke Wilby wrote:
> > Hey David
> >
> > Do you authenticate to Jira when using cURL? How?
> >
> >> -----Original Message-----
> >> From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of David Crayford
> >> Sent: Friday, July 24, 2020 12:29 PM
> >> To: IBM-MAIN@LISTSERV.UA.EDU
> >> Subject: Re: cURL and security
> >>
> >> On 2020-07-23 2:17 PM, kekronbekron wrote:
> >>> It would be best to consider switching to the z/OS Client Web Enablement Toolkit.
> >>> There are sample programs for REXX / ASM / COB .. and I'm positive there'll be a Python client pretty soon (IBM Open Enterprise Python for z/OS).
> >>
> >> To me the idea of writing a web client in assembler is preposterous.
> >> COBOL is almost as bad and I would opt to use bpxwunix() with curl over the Web Enablement Toolkit any day.
> >> I can create a Jira ticket with a couple of lines of curl. I would suggest writing a REXX script using the WET would be considerably more effort.
> >>
> >>> Don't think cURL is loved that much on Z.
> >>
> >> Are you speaking from experience? Not loved by who? Anybody who knows how to use z/OS UNIX shells knows how to use curl. I used curl only yesterday to install a shell utility from github with a simple one-liner.
> >>
> >> sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"
> >>
> >>> Hmm .. unless client auth is required at the cURL target, you don't need to worry about client certs, right?
> >>> Just plop on the target server's CA cert (interim & root CA) public keys in a user keyring, and point CWET to the user keyring.
> >>> Server auth will work just fine.
> >>>
> >>> - KB
> >>>
> >>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> >>> On Thursday, July 23, 2020 10:20 AM, Filip Palian <s3...@pjwstk.edu.pl> wrote:
> >>>> Hey,
> >>>>
> >>>> You can read login credentials from within a script at run time from a separate file containing password. This file should have adequate permissions and ownership set of course.
> >>>>
> >>>> Alternatively, if you control the target, perhaps you can whitelist your curl/client.
> >>>>
> >>>> I hope that helps.
> >>>>
> >>>> Cheers,
> >>>> F
> >>>>
> >>>> On Thursday, 23 July 2020, Luke akal...@hotmail.com wrote:
> >>>>
> >>>>> Hi All
> >>>>> I'm wondering if anyone is using cURL on z/OS in a production setting?
> >>>>> I'm interested how to utilise cURL when the target URL requires authentication.
> >>>>> We can't use Basic Auth because we are not able to store usernames and password in scripts or batch jobs.
> >>>>> We can't easily use certificates because our users on z/OS do not have certificates and our Windows based corporate certificate management doesn't allow users access to the private keys of their Windows certificates.
> >>>>> Anyone else using cURL for DevOps on z/OS and how are you securing it?
> >>>>>
> >>>>> For IBM-MAIN subscribe / signoff / archive access instructions,
> >>>>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
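
The approach Filip Palian describes in the quoted thread (reading the login at run time from a separate file with restrictive permissions and ownership), as an added example that is not part of the original thread: a shell wrapper that verifies the file before passing it to curl's --netrc-file option. The function names, host and netrc path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, the host and the
# netrc path are hypothetical. Constructed netrc content, one line:
#   machine jira.example.invalid login svc-user password PLACEHOLDER-TOKEN

# cred_file_ok FILE: exit 0 only if FILE is a regular file (not a symlink),
# owned by the effective user, with no group/other bits and no execute bit.
cred_file_ok() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2
        return 1
    fi
    if [ ! -O "$f" ]; then
        echo "refusing $f: not owned by the calling user" >&2
        return 1
    fi
    # First 10 characters of ls -ld are the type and permission bits.
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in
        -r[w-]-------) return 0 ;;   # 0600 or 0400 only
        *) echo "refusing $f: mode $mode is too open" >&2
           return 1 ;;
    esac
}

# api_get NETRC_FILE URL: curl takes the login from the netrc file, so the
# secret is not in the script, the batch job or the process argument list.
api_get() {
    cred_file_ok "$1" || return 1
    curl --fail --silent --show-error --netrc-file "$1" "$2"
}
```

This only controls who can read the stored secret; the token in the file still works like a password for anyone who can read it.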