Importing Users/Passwords
Posted: Thu Aug 05, 2010 8:22 am
I am in the process of implementing an AC7 site for a client. Everything is going great, and I'm finding it very easy to do just about anything they need. One small hiccup, though.
The client manages all user accounts in their AS/400. There is no registration on the AC site - the users must contact the client and create an account with the company before being allowed onto the site. Each day, the client exports a list of the active users, their information, and their password. They will be sending this file over SFTP to the hosting server, and I need to import it into AC. I can get the user account created, along with all supporting information, but I am not seeing any way to generate the encrypted password through SQL. I've seen posts for using DataPort, but because it isn't scriptable, I don't think it will fit their needs.
As I see it, I have the following options:
1. Import the plain text passwords to a separate table, and then have a utility in the Admin that will loop through the users and assign their password. This adds an extra step for the client, but is probably ok. However, will the storing of passwords in plain text, even for a brief amount of time, invalidate any PCI compliance?
2. Try either a .NET Stored Procedure or an SSIS package, importing the CommerceBuilder assemblies. Has anyone tried this before? Is this allowed under the standard (non-source) license?
3. Other options?
Thanks!
Dave
The client manages all user accounts in their AS/400. There is no registration on the AC site - the users must contact the client and create an account with the company before being allowed onto the site. Each day, the client exports a list of the active users, their information, and their password. They will be sending this file over SFTP to the hosting server, and I need to import it into AC. I can get the user account created, along with all supporting information, but I am not seeing any way to generate the encrypted password through SQL. I've seen posts for using DataPort, but because it isn't scriptable, I don't think it will fit their needs.
As I see it, I have the following options:
1. Import the plain text passwords to a separate table, and then have a utility in the Admin that will loop through the users and assign their password. This adds an extra step for the client, but is probably ok. However, will the storing of passwords in plain text, even for a brief amount of time, invalidate any PCI compliance?
2. Try either a .NET Stored Procedure or an SSIS package, importing the CommerceBuilder assemblies. Has anyone tried this before? Is this allowed under the standard (non-source) license?
3. Other options?
Thanks!
Dave