Our users use a web browser and enter their CICS userid and password.
From there, it goes to an ASP server, then to webMethods, then to CICS.
The web browser is storing the userid/passwords to be used each time a request to CICS is made, saving the users from having to sign on multiple times. There are two problems:
The ASP front end sees the userids and passwords, so programmers could too. Also, we are not locking the sessions, so to keep the users from having to sign on again, the userids and passwords are being stored on the ASP web server for additional signons to be made on behalf of the users with each new request.
Are there any suggestions on a better and more secure way of keeping the users from either having to sign in too frequently or having their passwords stored in a not-so-secure manner?