Overview

This feature masks the password fields across the entire Ephesoft application UI. It covers UI fields such as the passwords used in plugin configuration, E-mail configuration, CMIS repository configuration, etc. The values of the identified password fields are encrypted when they are persisted to the database, and these values are masked in the UI.

Coverage

Areas covered

Plugins

The following plugins have been identified as containing password fields.

  1. CMIS Export
  2. DB Export
  3. File-Bound plugin
  4. Fuzzy-DB Extraction plugin

The password field in these plugins has been marked with the “PASSWORD” field type and therefore receives the special treatment of encryption and masking.

Email import

The Email accounts used to fetch input batches for processing contain the passwords to the configured Email accounts. These account settings are used for authentication while reading mail from the configured account. The password field for all the accounts is now encrypted and masked.

CMIS import

CMIS repositories configured for importing documents contain the password to the account used to access the repository. The password field for all the accounts is now encrypted and masked.

Configuration

Configurable Properties

The following configurable properties apply to the above configuration:

Encryption properties

Upon Ephesoft server start-up, all the existing password fields will be encrypted based on the following properties added in the META-INF\dcma-encryption\dcma-encryption.properties file.

 


| Configurable property | Type of value | Value options | Description | Default value |
|---|---|---|---|---|
| password.encrypt | Boolean | True, False | Defines whether the passwords will be encrypted on application start-up. True, if the passwords need to be encrypted; False, otherwise. | True |
| password.encrypt_suffix | String | Any string | Defines the password suffix that will be used with passwords. Only change it once before applying this feature. | ##EPHESOFT## |

Working

Encryption

The following steps are used to encrypt password fields on server start-up.

  1. If the “password.encrypt” property is set to “true”, encryption of the fields takes place.
  2. The application then locates all the areas covered under password encryption.
  3. All the values of the identified fields are then encrypted with Ephesoft’s in-house encryption algorithm, which is based on a password-based encryption algorithm.
  4. The “password.encrypt_suffix” property value is then appended to the encrypted value.
  5. These values are then persisted in the database.
  6. Once this has been done, the process does not need to be repeated on each server start-up. Hence, after the encryption, the value of “password.encrypt” is updated to “false”.
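
The start-up pass in steps 1 to 6, sketched as an added example; this is not Ephesoft's code. PBKDF2 with AES-GCM stands in for the in-house algorithm, the use of the suffix to recognise values that are already encrypted is an assumption the page does not state, and the class, field and passphrase names are hypothetical.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.*;

// Added illustration, not Ephesoft code. PBKDF2 + AES-GCM stand in for the
// in-house algorithm; class, field and passphrase names are hypothetical.
public class PasswordFieldMigration {
    static final SecureRandom RNG = new SecureRandom();
    static String encrypt(String plain, char[] master) throws Exception {
        byte[] salt = new byte[16], iv = new byte[12];
        RNG.nextBytes(salt); RNG.nextBytes(iv);
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(new PBEKeySpec(master, salt, 210_000, 256)).getEncoded();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        // Store salt | iv | ciphertext+tag so the value can be decrypted later.
        byte[] blob = ByteBuffer.allocate(28 + ct.length).put(salt).put(iv).put(ct).array();
        return Base64.getEncoder().encodeToString(blob);
    }

    // Steps 1-6 of the start-up pass; returns how many values were encrypted.
    static int migrate(Map<String, String> fields, Properties props, char[] master) throws Exception {
        if (!Boolean.parseBoolean(props.getProperty("password.encrypt", "True"))) return 0;
        String suffix = props.getProperty("password.encrypt_suffix", "##EPHESOFT##");
        int changed = 0;
        for (Map.Entry<String, String> e : fields.entrySet()) {
            if (e.getValue().endsWith(suffix)) continue; // assumed marker check: already encrypted
            e.setValue(encrypt(e.getValue(), master) + suffix);
            changed++;
        }
        props.setProperty("password.encrypt", "false"); // do not repeat on the next start-up
        return changed;
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> fields = new HashMap<>(); // constructed sample rows
        fields.put("cmis.export.password", "s3cret");
        fields.put("db.export.password", "example-pw");
        Properties props = new Properties();
        char[] master = "constructed-passphrase".toCharArray();
        System.out.println(migrate(fields, props, master) + " encrypted, password.encrypt=" + props.getProperty("password.encrypt"));
        props.setProperty("password.encrypt", "True"); // flag forced back on: suffix check still skips
        System.out.println(migrate(fields, props, master) + " encrypted on a forced re-run");
    }
}
```

Under the marker assumption used here, a suffix changed after the first pass would no longer match the stored values, so a later pass would encrypt them a second time; this is consistent with the instruction to change the suffix only once, before applying the feature.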

 

The following step is used to encrypt password fields after server start-up.

  1. After the values have been encrypted, if the user alters the value of any such field, the new value is encrypted before it is persisted in the database.

Masking

All the password fields will be masked.

  • Users can create multiple regex patterns for each document level field. This is shown in the screenshot below:

 

[Screenshot: 3.1_PasswordMasking_10002]

Steps of execution

  • The plug-in uses the regex patterns defined for each document type in the document level fields.
  • It matches the values of the document level fields from batch.xml against all the regex patterns defined for them. If all the values of the document level fields match the defined regex patterns, that document’s “Valid” tag is set to true; otherwise it is set to false.
  • Documents that are valid do not need validation, but those whose “Valid” tag is set to false must be validated during Validation.

Troubleshooting

The following are a few common error messages seen when the plugin malfunctions:

| S. No. | Error message | Possible root cause |
|---|---|---|
| 1 | Invalid initialization of field service. | No field type initialized in a document. |
| 2 | Invalid input pattern sequence. | Regex pattern is not supplied for required field. |
