Password for outbound connections filled up with blanks

Seems like the Application always sends 8 characters as password in an outbound connection although the password we have entered in the partner profile contains only 6 characters.

Checking the logfile, the password is sent with two blanks at the end which is causing an "invalid password" error at partner side and transmission error.

27 | X(8) | SSIDPSWD | Initiators Password | 'P3SG48 '

regards

Forum
OFTP2

Comments

Profile picture for user service
Permalink

Arrow_Central,

it's more a RFC problem. The RFC uses the words "Senders Password" and "Receivers Password" but does not specify which should be used for inbound and which for outbound data. Try to use the other password, that should work.

Regards

Permalink

Hi Service,

no sorry, the issue was definitely caused by the blanks at position 7 and 8 in the password that we transmit to the partner. On the remote side the identical password was set for Senders PW and Receivers PW but it did not work (incorrect password). Then we changed the password from P3SG48 to P3SG4888 so that all 8 characters are filled up and the remote site accepted the PW and our transmission immediately.

This issue may be related to the application which the remote partner is using. Some don't need a PW at all (in his application it is mandatory), some my ignore the blanks and for some others a blank is a valid character
so that expected and transmitted PW do not match.
regards

Profile picture for user service
Permalink

Arrow_Central,

as there are no delimiters between the fields in the OFTP2 commands every field (beneath a small amount of variable length fields where the length is transmitted also) has a fixed length and must be filled up with blanks - else the OFTP2 command length would not match.

Blanks could never be a valid character in OFTP2 commands, please refer to

RFC 5024:
----
5.3. Command Formats

The ODETTE-FTP commands are described below using the following
definitions.
...
A String contains alphanumeric characters from the following
set:
The numerals: 0 to 9
The upper case letters: A to Z
The following special set: / - . & ( ) space.
Space is not allowed as an embedded character.
...
String and alphanumeric fields are always left justified and right
padded with spaces where needed.

Numeric fields are always right justified and left padded with
zeros where needed.
---

But I understand the confusion as Odette is violating it's own RFC by giving out Odette IDs that contain blanks as embedded character, they also defined strings with non capital letters in the virtual file names for special purpose like certificate exchange even if this is not allowed by their own RFC...

These restrictions make the "password" of OFTP2 really useless - it is no security feature. Max length 8 characters, no special chars, uppercase only...

Regards