From 59e90183e423d0c918bc4bd7b93757ab89ef1212 Mon Sep 17 00:00:00 2001 From: ci Date: Tue, 28 Oct 2025 23:21:12 -0700 Subject: [PATCH 1/3] Security fix: Use environment variables for credentials instead of command-line arguments Addresses security vulnerability where credentials were visible in process listings (ps -ef) when passed as command-line arguments. Changes: - Modified DefaultLoginManager to read credentials from environment variables (TWSUSERID, TWSPASSWORD, FIXUSERID, FIXPASSWORD) with priority over args - Updated ibcstart.sh to export credentials as environment variables before launching Java process - Updated StartIBC.bat to set credentials as environment variables before launching Java process - Simplified Java invocation in scripts - credentials no longer passed as command-line arguments Benefits: - Credentials no longer visible in process listings - Enables secure credential storage using file permissions - Maintains backward compatibility with existing configurations - Consistent behavior across Linux, macOS, and Windows platforms --- resources/IBC.jar | Bin 119887 -> 120160 bytes resources/scripts/StartIBC.bat | 22 ++++++------ resources/scripts/ibcstart.sh | 27 ++++++++++----- src/ibcalpha/ibc/DefaultLoginManager.java | 39 ++++++++++++++++++---- 4 files changed, 61 insertions(+), 27 deletions(-) diff --git a/resources/IBC.jar b/resources/IBC.jar index 639b926fa41248d28c71b5ed89ef2a7f1efb1b75..d919f4e560a9ef0ba24b422d1c085df6c0e67cd5 100644 GIT binary patch delta 6214 zcmZWt30TZ)7yrLgk(Oy+rd=haq6IZX8?8!8MYmGOR^3Wj+LI6p8F?cu2=_|4X_-tZ zY2TwP5n6m#L`YX?@xA{g-Elq7nDdK-1xAjG+s9e$7}@=4H^656;{H-f)Od;S=ktm0LVmDp6<*; zN|xfS)T*S^Y)YprE5b*v8Ys$Bx^*gcvq)W*MjR!n>GsSabv#D=lot`^0A=yT#E;am zHkq~(FqWQK3nAPxAEpt>cfYT`+W;`^6g(viBw=tF;DH#2KPpm#gg*&yT zn38N=-cdoA?tN5XC68E2chTztFKKJO8B$WuwhPp1)UG0aI$oe_$9b+*&cd*bBCM66 z3uC`U%KuL+#@!?Q@yIgAr7Jf-KI~u{ufvqi*(o@O{?$&bfVJ3hb1;9HZeA+iPQShG zArE#JnTee6KBL`dqrw*|t9L}v^!?|r)-k;zy(hubux-U0o$ixEuRpc0&xgNG|1i02 z+gSRKDSxTEF;R@V44b9>^qdW{I@`A9Y|Ij5>BVj|x!1o=n!(t}IGc1KpE-}gU z?2 zeGYSiV&|N?b$DQKr)Au-FNrbUC%1=bD`o`;cG@XRW^diSvyuHNp3xQ zv1;I`%L!lQhlN(3zLgFehccJX%YGBwKXofLtEuF0S?rqTFp)X@RuO9jMURAPjqE&m z;m;LP&(i06uJ|@sx-!x^t4&sk5oBMg+WW{xH#;U#Eq$aXpvX-%qNc0Utu3VW)&5V; z9%^^~$-lx3l(aDoi1aKP|6QiPO(DGI!{?ao*4LgEs5!Tvl-QwlSjX$j?*g22L%)YS zQXN~h6ufdM+Y#G&%>R{hnw}?g4z;W6Pj;6dTQ5I5Z@r)B^=naQ-!^Z&$$M3xZ>^)_ zjY=cN7W{@1<`&nlJeD|i=_ zPle6BoczV^Z=LIRq8_w%3mj%FyVqg)L;1{ug45@sj)|QKy&0ETUM-@v#j1U~XRAER z!;Sri|9hVE3H}08N5^6%P3~%~Eii8GpDSHiGlx&YSgS9ZkJ%y^7ccVhVw@h|*m-qx zHQfto3)|UsHDQgxk@xKW4tQq6IiK3@C|`0m{r>3Y?(l1R&XaN}uQLiND>qeH?>`yQ zw?lCZd|0{C?XSBFqq?{A^0v`CmbfqZ^he<90HxgZ%&cA)yQB7zn@3|;ZC-V6yMXj3 zrYn74S8q+ts{)D9At}C1X7ktP?`-c>epYb=%iDE4g_i!pyk5{#VDQH7KT85{c0Qw( zOib}^~71JYiA8xU{Ds-nzqC?R(AncL!h{?rvSA}ccr9K?i z)yOsx73a9lhrFA@Jk{)ZU2ZL2Qr=y8yIj4K(b~q5DPUFX8O{+|#8_}r-9z}3k6PYH zz~|8wnM(bCkBy$Xc_ey8|C^=!CNj2D@tI##%(Sz$BNQ#xZ?I62^Rzg1NY*vh(tgKR zg^BvK$mo_a{!0f&?fqKz*zl;ovb;asyyIA1{^d{N>LE&(Wb*2N=zC7Bdso4`G4OnS z$)G#`h{ri=o4}PSU)Iak2v}-<4+;qHUFOl1*Zky>)@dhK??W~^TgtL><9HiwHI1^( z&je>BsL`U=-`|xs6?Cd#!avUKUco=H4h{|n#p`0s(sJ0NiLzryOOqP}Prq>0P%TM# zwBx1t(@UGr)qPnYck=t-!328B3HOW3W$&nQ;6T{1D`uBu{wP%KD0sSDXQZ?EUCLvp zUOzt51)Hscd+Oh5w5H{)Y|PoKlb;<~P~#&SZ_(VBtfI*K=FbB{4-fGQo?05;vz~_$ z+r$6B?o_(J%4qz@xzD0(5)-?mCoez9tv1SCwKgt{$Gx{rRq9$WXV#PyZS`06;hTp# zrKEa&WBk5-adb=!`z#Q1S6DUVrtd&sCtK=J!YwcDzfR>HMf`ldozb zpDX+pxPP`+!NWY^$A7JmlNbx}t+B}2nyFcl9e5Vle_yJ{+q_EJrd8KL z_kqaZ2C)iD<&3zBM-viBIL=W|f zN}sNyq~6pC>ZR_5VbuG)Av1$|mA_>NP`I5rUes#Sbqi`$G|!ECpLZ49qI4=n#+2k) z5%H~i~+U-$FI#s4YNt|*TWpTISErXmi@}GPsM}QmMzl)NR(pyE!z;x&eMQU)^ zmXel?WbhJII`=;JMiwuI3C@8j!axFktOc{++BzV}%FLNnC@}UX#h5)lLb=PEyhszr z>!(s@B~*+iyi6GkQ^sIlEs$ijPtGom1hoRhxI>rGbeTZojwwqFO*_jPfB<}755(Eg zf?yVz0{e(CFr>r^5nxY-U<-?Z&6F4_4h~X)?~>pfC638}KuX*p2b@Wc>1oi(^d zZZC<6_=_vh_PQ;`sv4JoUTr{UCGQ~QLxj}hLNZ`SF)$@S4+DebI0zt$ zu8!qgAa%H~1lW;jM3o>WMv5#m#U+G)Qu`d&x~Z`Ab)}&Q8<3|L>adYEM}yFMv!@FY zgKIT)kyaI!vjNqO7F^43#1b>ogTK{N8Mep<9=gJVVMS=ZSLdQ6$wWvMxV3b;LJ_6N ze%u85mH{c4TMCq^?&0dKrnp*$m0&6cyQ_f^k*>J=*uf;^vk-kWxO^{xDYt)r;r*wa$Fzgk$`-&K%Z4a~arpn_~X+7ZGC5&3w%Ar;R+xQJaG}0xMiC z3pa6qIuX^;#%RS>ls5xyDI+d^scT4R83*W+9^T;|99?j=98@g>%0z}Ht@MHOh_?x9 zsxFs@mC&aQn2@&F$cCooLAvZJo8I=q&%OaVcJ|7&5ovw z#Grk{^j1r%K&5d#gjUpHOU3jC?!mRplQ`!s!SzhBiV(qn2>rHxn0O{#~kokzV`1$|APCLci7`;0lhCW+msyK)tHzw9Tpz zq1Ie-Y52Orzm_ubC5e2NQl92ao;t}7W5W>F2Gk&Rt~>*8LHa#lKydx%`zPfgR1H7G z*N_XPRt$aa0doRHH;z2N452=t5BCw?#D-P(z+wVby?VY#JVH33s7hSEo|m!)*(xvz zT?qtI##iV>0Yc)3U5g8u&Vjzwz=-U@g=&-+tDKctHkY_g2;1<5{Og*Lts7#@-M>3` zSPkXM|JihEGIdsLboFmrhR!%wubZuQt{FU^biE2AC4 zeGY~`;7}%+zfv7CHvWujr0|hSnTS3!aQ)iY?y;XxL6~0$#0mV^*z1RE#Iy+&doEZ0 zoC$&#nz{JlL>+Yr+a8m$_CnAIv~L!0!T*|?hRYH!2T9Vu9?0>y0+8wpRAx%_b8O~20q9sksd@EP@2c+xY~f!_~M!>Q5f9-42c|S0(~RoQ4S;M!+n8?io=cu zu$=PLi0t-CK=x`-7DFt6P0(qF-NR@SR^s==kg5tLbcTc{{ z;!vt53QZ`4zdST<0_J4UXr$q(QUQgn znaA^>cQbGzP^P1Oh8Gd45TUp?m#`LWYX(c^;)6zzg)0r;J(FmLFy`|0SsTC~3jld* zkqiS{5R)DH(5w|m!>pF+E3OS!j~L==IVfWYME`Siq}h#c>t|z_rpT`++Lno%>5%?| zkptQqbC}c$YzTI_i!UDXML8(_r|b?k0B*Dfx-)m`%ozOZ_WWuG9oxVnGRA>6ROK)i z0OOp2!oOaFCS1SU6~LJFK!3)oXt$P>IbtviF__0yAN~z+RXZ>wy+*bp=1Cq9wgWAq z`o) z;c?`d`|cJ_gk}#=uNNKx$}=oRC*17Q*vGk2%tuRTvY z0a*`#4pFBo{?`7j-Yn?lAMWExdfQW+~FP|WW&BUF67OIM6uN7bFi0M0 zgPA;pcAKo<(JWpJE8-`#O_w)P{0x(AB;uI<9;J8`dm4s2?vuoSHxtHFOfM435^kT5 z#G$RisjchcT#u|}&3w~&FzoOQ4AaMJJ!RqCa=?IfWk9BIgLw{*Fc;MOrmm(LVAx5R zAp)cjt$3lH)k8qKC%Wn+KS8y2wSmc26r7weh8Z9#IoMVXlnYakW9Z9?p4f0KEpETiNr{}2G~+y$H=|wbMi|>6J?_f!v$;M= zD{fWdm$qGY+`ZWPxS7#}P4KFB21Q9{ih}gLL}YVb{-)wDD7J{PGwJR~jG%@}c;(1E z?@Qa6x%ZO8R%9m+`?f|iF3U!HY{1{|TI2eM$GTVd86eHOMG@S)pBH|AFa z);nE%5Y>IwF<3XFx8X}<@^f}wHqWOSf;tU(DSfAgUGsVz^VYrcF+QuSWn%dEr>sSt zu2=O=2WUBe26c<9k6c_Tvvh}z%Abu@J67s#4hTD+q#)q%Jh|;tn6_M>ZBuUB$L9Mr z(g$A`9Zwk!I+g8ZRj4W0-X_?0X+&t#hohA(8?K4Z&Y4&epH$i<<`*hq?r>r^dfO=iHOYs{;2u#wO-&&Vd%V!lQZV8`Jy^FYhkqR&<2M~&5>ISt5oH! zvLhLBwz9QqANPbW4BurUK9u~fH^!5ZKDaMb>B{%Nt@O@0m2ArJ@yCQ;ILBo4tsb55 zf9zqod7vorqI{oDkl>5x9ln0UCdq8uyYiVAU0Y9fHgx(QOZ&oh5L_U)Ceu6ae9~jS zqRcfb>WkF%Q*TIx?N-0%bLzK~U0GkovLdhV-E=Ef{(T6`+rIIv)!tRNHZs4C6-UZe ziDQhX&x}BXuD_^ntt$A&+S=8+$+}D}AN7`riOlV4IqEBet!wUB#Il3c z)*Bl&B_xP2_U}D699R+^dZI7m-TcX#g-v;Y$ z9&fRq|5_p>cO>(E!v=P}K}%iH1Tw-@*ChvoZ3OJ#WO z2knQNx0kvm4u=FUU65+)x0b^S8olCOW5?f^9~;pn+R2uhw>4s9qNnNc;gU9?x?yYI z{wD4A;U@Y1=VSio9#{-)vz*{db$7JbZ00#S82ESIGpr4BtPuzdX{X zDgEF`bi%E2TlF(vI!7;#=~b{#XTCkXVBhn)7MIrDb}@gjvQz9u9269uh27U>XkB1E zteUy}g=em%-*0pI<%0||?2bo$=nRg#Ci-@VQ9Qf0u4M)mScF{poi{nCUFd{hEeS!I; zL#RK|fE{R7uL1L&UH|s9JMhYPZ>^(Iy31q#b%GAHKIMMJaZZdMPYi9NQnK^)ikv>_ zC0l6pY!h{u!wfMBS!|J2|Elss+CNX+i%y=)f7bPSqfGmO@tvQBSL!9kADjJqZXY8r z`t!iZ&bRxPY)dsxQC8IHHCmU^ZyB<)VgJ+kB9>&1)&`C6gH9b4Ps-xL-v;sT)U?#F z+gZ3n@5ReqB6*XCU&o3jmYmHDG#b_4UuG#^;WE$I<9lwSQAJ!riiGcx>jhUXw0;(K zkF4$znG~36#50L*UT7QIM74-n;kGl$#^8N)fa;0XC!SD^VF5nX1;@`!QY~pbDTr!0 zyV6rB7QqX?ltyTlC$;-H*MizrzUE4`oUnp|sn%4yj9U3|LMi6ak}_(QQ#L`ZGAdZq z>UJd$rO{RWN{;XuukQUyI$!z7UyNL7kItnO9A0NpPW|)FhL`AX-`Azz^W?*@oeXXZ zhX(3~^kTz?70Ei2yxn*&zn( zNG*hgH z0v|FIj)@A$qyW$716@iwM;$z)q(Bn{kTVkJ4;^rfl-^tdoGGE(a_~cdjKJL-d?$;= z*|ZvDQw02W-~f3fIES6VS1Oo;F5naeklp|eQp;p_04WB2FK}6cmM z-Sz_(#e0Yix+%{$9syNUlyjoNZfY452V}{iOD{&}Oe>m0?@2+g(qLwb%K$l5KVQe9|N3OOM0R#Fd3ojJ`eRA_@5tzN~G8*J|ZSnT< z-MiCE+rbX-Nbyb&!f5a32aRIXM+|#o-T`%rfjr6MSPW+Ke8r$&F)&c#4tW)M6?--d zVVIa4hAo)VLcf`ZjCi>y75IqM4%o7T1*4+!@--tlmPYk?U`MM0Agq)Hll&Vp(zL0k`csnz-*uj zFLQteDR_$nJeEp$4NDp-l>qVqgeE0On#e*@7G#$ID%&Tx(pg$uEbgwwgzZ0f`nWqE zm*R_;D?zzZAWtM`di2IHRhma&IYP2vSm_jVY$?)zVT?PP&4LxBK#?jNSL$err1EGa zXTn$YfJrb<&*d1#qA|}iLufUaR7@dhqdE=w-V9eZH-L}IrhIr+hOGT8E8-yg|_|D}paz;{F{IK&Zf`h1;al6P+ zGAgVws+$&#Ljwj>0Ao@;zXGX?xfAMc?&?saa*9}?67Arg#Lgp6scB*!bsI%{M7kHf z=jqUh^!X>QKeeeJ9ML9*u(#iE`&>m`-jR+SL)7M6N4GZ-AOSF)1Z0tDU3pkLywlJ zx};Vkx2z)3jw0gb3fu7(a;V}8 zx%DGg{y$sSxm!GWxb`)*={Pmxd)Pt9*Je~1Ra%@L`B1SA=n}qu{5q~Uin6f{`Kw1m zNfg0=I$%zqM3#jm8zR&@^rb(GYj5IV95tAVo?0?*g7xU~X@gyLKoS=!6(M#A4jC_I zLO#;xzErEzEX9=KoHC97aO5Elp2Ow%^$KO;J|LODa-~-*@ZL&A&FQP1oQhOr8dq`9 z{k+`}y=K$M3#y=310esjfN>3o;`~Fry;lX^ZkTfUF;|+_i{E}U55}WoM!2hGGphFl zF=->0=|vQKg`143L;uDp{fI`SuQLh*0FZ*$8mSZMzROOU4`o#modWtgEdNfbwQXy#E0_5Po%|L++O{oQi79z|Qlc#QBsO|$MQcg$T`84}CL}5Y;&?CI8 z_wx#!gAni0mwt2p5QBp)z=&dRMeN%opm8fOBqgC-$!jS%)(YmpCDK50`U(C%anV{0 zMb5n|=v8?s!^JNr8MJOA2KU*}<~A@VB?(BvdqV-henqhKKV=)|A{FLA;Wl7Fc-_dW z1MedXk5O(dXt6b_!aZ%kfk2r~4C-YdR3SpqkJsb^__Ph^D|07@Jr*uJ-1GAtReu?c z>)Ap8#WVqVH<2Djv?EX47DLB7KpNg?pSsANa>awXT=8tEwgia%-@_x#X?fKofMIH) z7^Xn8vTPYwO_St5ga~+y%wXyru$u5LcS*)kFBF3Uib0d6XKW3i&uXAGop;H}!x<*% z<}Vfh^<0kFz|9>%n_#@|^>sb>Znj0$nL}grb^_5`+x%6)HQVp?B>eH_W`IF3^b>`>HTK?@h-~keAMyK-SqR5d1%=maG(pU zCcV+Ti@ezq0Uht5!+PT`5P>(?U?$NxspNA3hKGLw$lGCP-_>Al_P-$u^xJ##7#AuH zO{0P0v^NvqUHy7de!WqC>ABe*%f*w=-Spi4>v@QZhne?)CXuhKZ?P{8&~Tk6iD4=~ zNUL - ) else ( - "%JAVA_PATH%\java.exe" %moduleaccess% -cp "%IBC_CLASSPATH%" %JAVA_VM_OPTIONS% %AUTORESTART_OPTION% %ENTRY_POINT% "%CONFIG%" "%FIX_USER_ID%" "%FIX_PASSWORD%" %MODE% 2>NUL - ) -) else if defined GOT_API_CREDENTIALS ( - "%JAVA_PATH%\java.exe" %moduleaccess% -cp "%IBC_CLASSPATH%" %JAVA_VM_OPTIONS% %AUTORESTART_OPTION% %ENTRY_POINT% "%CONFIG%" "%IB_USER_ID%" "%IB_PASSWORD%" %MODE% 2>NUL -) else ( - "%JAVA_PATH%\java.exe" %moduleaccess% -cp "%IBC_CLASSPATH%" %JAVA_VM_OPTIONS% %AUTORESTART_OPTION% %ENTRY_POINT% "%CONFIG%" %MODE% 2>NUL -) +:: Start IBC without passing credentials as command-line arguments +:: Credentials are now passed via environment variables (TWSUSERID, TWSPASSWORD, FIXUSERID, FIXPASSWORD) +"%JAVA_PATH%\java.exe" %moduleaccess% -cp "%IBC_CLASSPATH%" %JAVA_VM_OPTIONS% %AUTORESTART_OPTION% %ENTRY_POINT% "%CONFIG%" %MODE% 2>NUL ::======================== Handle IBC exit conditions ============== diff --git a/resources/scripts/ibcstart.sh b/resources/scripts/ibcstart.sh index 71c579d..a15902e 100644 --- a/resources/scripts/ibcstart.sh +++ b/resources/scripts/ibcstart.sh @@ -476,6 +476,21 @@ elif [[ -n $got_api_credentials ]]; then hidden_credentials="*** ***" fi +# Set credentials as environment variables instead of command-line arguments +# to prevent them from appearing in process lists +if [[ -n $fix_user_id ]]; then + export FIXUSERID="$fix_user_id" +fi +if [[ -n $fix_password ]]; then + export FIXPASSWORD="$fix_password" +fi +if [[ -n $ib_user_id ]]; then + export TWSUSERID="$ib_user_id" +fi +if [[ -n $ib_password ]]; then + export TWSPASSWORD="$ib_password" +fi + # prevent other Java tools interfering with IBC JAVA_TOOL_OPTIONS= @@ -504,15 +519,9 @@ do # forward signals (see https://veithen.github.io/2014/11/16/sigterm-propagation.html) trap 'kill -TERM $PID' TERM INT - if [[ -n $got_fix_credentials && -n $got_api_credentials ]]; then - "$java_path/java" $moduleAccess -cp "$ibc_classpath" $java_vm_options$autorestart_option $entry_point "$ibc_ini" "$fix_user_id" "$fix_password" "$ib_user_id" "$ib_password" ${mode} 2>/dev/null & - elif [[ -n $got_fix_credentials ]]; then - "$java_path/java" $moduleAccess -cp "$ibc_classpath" $java_vm_options$autorestart_option $entry_point "$ibc_ini" "$fix_user_id" "$fix_password" ${mode} 2>/dev/null & - elif [[ -n $got_api_credentials ]]; then - "$java_path/java" $moduleAccess -cp "$ibc_classpath" $java_vm_options$autorestart_option $entry_point "$ibc_ini" "$ib_user_id" "$ib_password" ${mode} 2>/dev/null & - else - "$java_path/java" $moduleAccess -cp "$ibc_classpath" $java_vm_options$autorestart_option $entry_point "$ibc_ini" ${mode} 2>/dev/null & - fi + # Start IBC without passing credentials as command-line arguments + # Credentials are now passed via environment variables (TWSUSERID, TWSPASSWORD, FIXUSERID, FIXPASSWORD) + "$java_path/java" $moduleAccess -cp "$ibc_classpath" $java_vm_options$autorestart_option $entry_point "$ibc_ini" ${mode} 2>/dev/null & PID=$! wait $PID diff --git a/src/ibcalpha/ibc/DefaultLoginManager.java b/src/ibcalpha/ibc/DefaultLoginManager.java index d6326fa..0c68df5 100644 --- a/src/ibcalpha/ibc/DefaultLoginManager.java +++ b/src/ibcalpha/ibc/DefaultLoginManager.java @@ -32,12 +32,17 @@ public DefaultLoginManager() { } public DefaultLoginManager(String[] args) { - ibapiCredentialsFromArgs = getTWSUserNameAndPasswordFromArguments(args); - fixCredentialsFromArgs = getFIXUserNameAndPasswordFromArguments(args); - message = "will get username and password from " + - (ibapiCredentialsFromArgs ? "args" : "settings") + - "; FIX username and password (if required) from " + - (fixCredentialsFromArgs ? "args" : "settings"); + boolean ibapiCredentialsFromEnv = getTWSUserNameAndPasswordFromEnvironment(); + boolean fixCredentialsFromEnv = getFIXUserNameAndPasswordFromEnvironment(); + + ibapiCredentialsFromArgs = ibapiCredentialsFromEnv || getTWSUserNameAndPasswordFromArguments(args); + fixCredentialsFromArgs = fixCredentialsFromEnv || getFIXUserNameAndPasswordFromArguments(args); + + String ibapiSource = ibapiCredentialsFromEnv ? "environment" : (ibapiCredentialsFromArgs ? "args" : "settings"); + String fixSource = fixCredentialsFromEnv ? "environment" : (fixCredentialsFromArgs ? "args" : "settings"); + + message = "will get username and password from " + ibapiSource + + "; FIX username and password (if required) from " + fixSource; } public DefaultLoginManager(String username, String password) { @@ -194,4 +199,26 @@ private boolean getTWSUserNameAndPasswordFromArguments(String[] args) { return false; } + private boolean getTWSUserNameAndPasswordFromEnvironment() { + String username = System.getenv("TWSUSERID"); + String password = System.getenv("TWSPASSWORD"); + if (username != null && !username.isEmpty() && password != null && !password.isEmpty()) { + IBAPIUserName = username; + IBAPIPassword = password; + return true; + } + return false; + } + + private boolean getFIXUserNameAndPasswordFromEnvironment() { + String username = System.getenv("FIXUSERID"); + String password = System.getenv("FIXPASSWORD"); + if (username != null && !username.isEmpty() && password != null && !password.isEmpty()) { + FIXUserName = username; + FIXPassword = password; + return true; + } + return false; + } + } From 1c6dfde96a5d0062499c7c45a7a72acaf02ec9c3 Mon Sep 17 00:00:00 2001 From: ci Date: Tue, 28 Oct 2025 23:35:58 -0700 Subject: [PATCH 2/3] Update version number to 1037 and refactor credential handling in scripts --- resources/StartGateway.bat | 4 ++-- resources/StartTWS.bat | 4 ++-- resources/commandsend.sh | 2 +- resources/gatewaystart.sh | 14 +++++++------- resources/twsstart.sh | 10 +++++----- resources/twsstartmacos.sh | 6 +++--- 6 files changed, 20 insertions(+), 20 deletions(-) diff --git a/resources/StartGateway.bat b/resources/StartGateway.bat index c88d8da..a23c148 100644 --- a/resources/StartGateway.bat +++ b/resources/StartGateway.bat @@ -31,7 +31,7 @@ setlocal enableextensions enabledelayedexpansion ::=============================================================================+ -set TWS_MAJOR_VRSN=1019 +set TWS_MAJOR_VRSN=1037 set CONFIG=%USERPROFILE%\Documents\IBC\config.ini set TRADING_MODE= set TWOFA_TIMEOUT_ACTION=exit @@ -62,7 +62,7 @@ set HIDE= :: :: Build 10.19.1f, Oct 28, 2022 3:03:08 PM :: -:: The major version number is 1019 (ie ignore the period after the first +:: The major version number is 1037 (ie ignore the period after the first :: part of the version number). :: :: Do not include the rest of the version number in this setting. diff --git a/resources/StartTWS.bat b/resources/StartTWS.bat index 3457b51..31e41c4 100644 --- a/resources/StartTWS.bat +++ b/resources/StartTWS.bat @@ -29,7 +29,7 @@ setlocal enableextensions enabledelayedexpansion ::=============================================================================+ -set TWS_MAJOR_VRSN=1019 +set TWS_MAJOR_VRSN=1037 set CONFIG=%USERPROFILE%\Documents\IBC\config.ini set TRADING_MODE= set TWOFA_TIMEOUT_ACTION=exit @@ -58,7 +58,7 @@ set HIDE= :: :: Build 10.19.1f, Oct 28, 2022 3:03:08 PM :: -:: The major version number is 1019 (ie ignore the period after the first +:: The major version number is 1037 (ie ignore the period after the first :: part of the version number). :: :: Do not include the rest of the version number in this setting. diff --git a/resources/commandsend.sh b/resources/commandsend.sh index caeaee6..6269472 100644 --- a/resources/commandsend.sh +++ b/resources/commandsend.sh @@ -32,6 +32,6 @@ if [[ -z "$1" ]]; then fi # send the required command to IBC -(echo "$1"; sleep 1; echo "EXIT"; echo "quit" ) | /usr/local/bin/telnet "$server_address" $command_server_port +(echo "$1"; sleep 1; echo "EXIT"; echo "quit" ) | /usr/bin/env telnet "$server_address" $command_server_port diff --git a/resources/gatewaystart.sh b/resources/gatewaystart.sh index f7a48f7..abb4bce 100644 --- a/resources/gatewaystart.sh +++ b/resources/gatewaystart.sh @@ -18,18 +18,18 @@ #=============================================================================+ -TWS_MAJOR_VRSN=1019 +TWS_MAJOR_VRSN=1037 IBC_INI=~/ibc/config.ini TRADING_MODE= -TWOFA_TIMEOUT_ACTION=exit +TWOFA_TIMEOUT_ACTION="exit" IBC_PATH=/opt/ibc TWS_PATH=~/Jts TWS_SETTINGS_PATH= LOG_PATH=~/ibc/logs -TWSUSERID= -TWSPASSWORD= -FIXUSERID= -FIXPASSWORD= +TWSUSERID=${TWSUSERID:-} +TWSPASSWORD=${TWSPASSWORD:-} +FIXUSERID=${FIXUSERID:-} +FIXPASSWORD=${FIXPASSWORD:-} JAVA_PATH= HIDE= @@ -49,7 +49,7 @@ HIDE= # # Build 10.19.1f, Oct 28, 2022 3:03:08 PM # -# The major version number is 1019 (ie ignore the period after the first +# The major version number is 1037 (ie ignore the period after the first # part of the version number). # # Do not include the rest of the version number in this setting. diff --git a/resources/twsstart.sh b/resources/twsstart.sh index e70eef4..6e0d978 100644 --- a/resources/twsstart.sh +++ b/resources/twsstart.sh @@ -18,16 +18,16 @@ #=============================================================================+ -TWS_MAJOR_VRSN=1019 +TWS_MAJOR_VRSN=1037 IBC_INI=~/ibc/config.ini TRADING_MODE= -TWOFA_TIMEOUT_ACTION=exit +TWOFA_TIMEOUT_ACTION="exit" IBC_PATH=/opt/ibc TWS_PATH=~/Jts TWS_SETTINGS_PATH= LOG_PATH=~/ibc/logs -TWSUSERID= -TWSPASSWORD= +TWSUSERID=${TWSUSERID:-} +TWSPASSWORD=${TWSPASSWORD:-} JAVA_PATH= HIDE= @@ -47,7 +47,7 @@ HIDE= # # Build 10.19.1f, Oct 28, 2022 3:03:08 PM # -# The major version number is 1019 (ie ignore the period after the first +# The major version number is 1037 (ie ignore the period after the first # part of the version number). # # Do not include the rest of the version number in this setting. diff --git a/resources/twsstartmacos.sh b/resources/twsstartmacos.sh index b33583f..bfb9191 100644 --- a/resources/twsstartmacos.sh +++ b/resources/twsstartmacos.sh @@ -21,13 +21,13 @@ TWS_MAJOR_VRSN=10.19 IBC_INI=~/ibc/config.ini TRADING_MODE= -TWOFA_TIMEOUT_ACTION=exit +TWOFA_TIMEOUT_ACTION="exit" IBC_PATH=/opt/ibc TWS_PATH=~/Applications TWS_SETTINGS_PATH= LOG_PATH=~/ibc/logs -TWSUSERID= -TWSPASSWORD= +TWSUSERID=${TWSUSERID:-} +TWSPASSWORD=${TWSPASSWORD:-} JAVA_PATH= From 54e625e005c1e628f18334d778fa77820975da2f Mon Sep 17 00:00:00 2001 From: ci Date: Tue, 28 Oct 2025 23:43:01 -0700 Subject: [PATCH 3/3] Add environment variable setup for Interactive Brokers credentials in README --- README.md | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 69 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8c4641b..f46e728 100644 --- a/README.md +++ b/README.md @@ -59,10 +59,78 @@ there are separate release files for Windows, macOS and Linux. Users who want to make changes to IBC should clone this repository in the usual way. +Setup and Usage +--------------- + +### Environment Variables for Credentials + +For security, you can specify your Interactive Brokers credentials using environment variables instead of hardcoding them in the configuration file: + +```bash +export TWSUSERID="your_username" +export TWSPASSWORD="your_password" +``` + +For FIX CTCI Gateway: + +```bash +export FIXUSERID="your_fix_username" +export FIXPASSWORD="your_fix_password" +``` + +These environment variables will be read by the startup scripts (`gatewaystart.sh`, `twsstart.sh`, etc.) and override any credentials in the `config.ini` file. + +### Configuration File + +Edit the `config.ini` file to set your preferences. Key settings include: + +- `IbLoginId` and `IbPassword` - Your IBKR credentials (or use environment variables) +- `TradingMode` - Set to `live` or `paper` +- `FIX` - Set to `yes` for FIX CTCI Gateway + +See the comments in `resources/config.ini` for all available options. + +### Running the Scripts + +**Linux/macOS:** + +Start Gateway: +```bash +./resources/gatewaystart.sh +``` + +Start TWS: +```bash +./resources/twsstart.sh +``` + +Other useful scripts: +- `./resources/stop.sh` - Stop IBC +- `./resources/restart.sh` - Restart IBC +- `./resources/commandsend.sh` - Send commands to running IBC + +**Windows:** + +Use the `.bat` equivalents in the `resources` folder: +- `StartGateway.bat` +- `StartTWS.bat` +- `Stop.bat` +- `Restart.bat` + +### Script Configuration + +Before running, edit the script files to set: + +- `TWS_MAJOR_VRSN` - Your TWS/Gateway version number +- `IBC_INI` - Path to your config.ini file +- `IBC_PATH` - Path to IBC installation +- `TWS_PATH` - Path to TWS/Gateway installation +- `LOG_PATH` - Where to store log files + User Guide ---------- -Please see the [IBC User Guide](userguide.md) for installation and +Please see the [IBC User Guide](userguide.md) for complete installation and usage instructions. The User Guide is also included as a PDF file in the download ZIPs.