search

cubewise-code / tm1py

TM1py is a Python package that wraps the TM1 REST API in a simple to use library.
http://tm1py.readthedocs.io/en/latest/
MIT License
190 stars 109 forks source link

New parameter to enable base64 password #87

Closed vviau closed 5 years ago

vviau commented 5 years ago

Currently, TM1py checks first if the "password" is encoded, then if it fails to login with the password decoded, it tries with the password as it is. It means that if you have a wrong password, TM1py is going to use 2 failed attempts instead of just 1. This can lead to reaching the maximum of attempts very quickly and locked our Admin user.

To avoid this we could add a new parameter in the config.ini, called "password64" or if we want to make it less obvious it could be "pwd", the new parameter will be used to put the encoded password. TM1py could check first if there is a value for this new parameter then it tries to connect, if there is no value, TM1py will get the password from the parameter "password".

For example, "password" will always be plain password and "password64", the encoded password.

Cheers,

Vincent

vviau commented 5 years ago

Or the other option would be to use a new parameter called "decode64" = true or false. This solution might be better for backward compatibility