Passwords

In order to use the Remote Access functions in Crash Magic, a login must be performed.  This login requires a password to be sent to the system.  In addition, when creating or modifying a user account, the password may need to be sent.

Since some methods of using Remote Access utilize a "clear text" transmission, SOAP for example, passwords can be encrypted when sent to Crash Magic Remote Access Routines.  Note that encryption is not required, and unencrypted is certainly the best way to get started while becoming familiar with the Remote Access routines.

Support for password encryption is set at the user group level. To enable a Crash Magic user group to require encryption the encryption method should be entered in the settings tab of the user group in the Encryption Method box, and an Encryption Key entered. The supported encryption method is 3Desv1 with a 16 character key.

Crash Magic uses the current Greenwich Mean Time to expire encrypted passwords. Once encryption has been enabled any passwords sent to Crash Magic must have "=(The current GMT)" appended to the password before being encrypted and sent to Crash Magic. The password will not work if the time sent is more than a minute off from the GMT of the server running Crash Magic.  If the current GMT is "10/31/2007 9:57:46 PM" and the password you are sending is "TestPassword" you must encrypt:TestPassword=10/31/2007 9:57:46 PM