Brief Description:

This tutorial describes how to encrypt the plain text passwords in the Ephesoft configuration files to increase the security of the application.

 

Note:

  1. You must manually replace the plain text passwords in the Ephesoft configuration files with the encrypted passwords generated by the Password Encryption Utility.
  2. Passwords can be encrypted in the server.xml file (database passwords and the LDAP / AD connection password), the dcma-ftp properties file, the user-connectivity file, and the etl-properties file under dcma-reporting.
  3. Usernames can also be encrypted in a similar way.
  4. The encryption mechanism is similar for almost all versions; this tutorial largely focuses on Ephesoft versions above 4060 for both Windows and Linux environments.

 

Components

Security, Encryption & Decryption

 

Steps to Encrypt the passwords:

  1. Run Encryptor.sh / Encryptor.bat (Ephesoft\Application\native\encryption). It asks for a plain text password and converts it into encrypted text. Make a note in a text file of all the encrypted passwords that need to replace the plain text values in the configuration files.
  2. The plain text passwords need to be changed in the server.xml, user-connectivity (dcma-user-connectivity), etl-properties (dcma-reporting), and ftp.properties (dcma-ftp) files.
  3. Open the dcma-encryption.properties file (Ephesoft\Application\WEB-INF\classes\META-INF\dcma-encryption) and set the values of password.use_encryption and password.encrypt to true.
  4. If using LDAP & AD password encryption in server.xml:
    a. Comment out <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>.
    b. In the realm settings, change the Realm class name from org.apache.catalina.realm.JNDIRealm to com.ephesoft.realm.EphesoftRealm, i.e. <Realm className="com.ephesoft.realm.EphesoftRealm"/>.
    c. Use the generated encrypted password for the connectionPassword property when you configure AD in the server.xml file.
  5. If using database password encryption in server.xml:
     a. Change the factory attribute in the Resource tag to "com.zaxxer.hikari.encryption.EncryptedHikariJNDIFactory" and provide the generated encrypted password in the datasource.password attribute.
    Note: To ensure a successful DB connection, all Oracle DB passwords in server.xml have to be enclosed in quotes (e.g. dataSource.password="&quot;Passw0rd&quot;"). When using Encryptor, make sure to provide only the password, without the double quotes (e.g. Passw0rd).
  6. Along with these changes, make sure to change the password parameter in dcma-ftp: by default the password property is set to * (asterisk), which may cause an error. Even if you are not using FTP, you can use any encrypted password here.
  7. Make a final username and password change in the etl-variables.properties file (Ephesoft\Application\WEB-INF\classes\META-INF\dcma-reporting). Note that here it is important to encrypt both ephesoft.loginusername and ephesoft.loginpassword.
  8. Once all these plain text passwords are replaced, restart the service.
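
Before restarting the service, the settings from steps 3 to 5 can be checked with a short script. The following is an added example, not part of the original tutorial or of Ephesoft's tooling. The function names, the sample file contents, the Resource name jdbc/example and the placeholder values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ENC_FACTORY = "com.zaxxer.hikari.encryption.EncryptedHikariJNDIFactory"
EPHESOFT_REALM = "com.ephesoft.realm.EphesoftRealm"
# Realm classes that steps 4a/4b say must no longer be active when LDAP/AD encryption is used.
REPLACED_REALMS = {"org.apache.catalina.realm.UserDatabaseRealm",
                   "org.apache.catalina.realm.JNDIRealm"}

def check_encryption_flags(props_text):
    """Step 3: both flags in dcma-encryption.properties must be true."""
    props = {}
    for line in props_text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return [f"{key} is not set to true"
            for key in ("password.use_encryption", "password.encrypt")
            if props.get(key, "").lower() != "true"]

def check_server_xml(xml_text, uses_ldap=True):
    """Steps 4 and 5: realm class and Resource factory in server.xml."""
    root = ET.fromstring(xml_text)  # the parser drops XML comments, so commented-out Realms are ignored
    findings = []
    realms = [r.get("className") for r in root.iter("Realm")]
    if uses_ldap:
        findings += [f"Realm {name} is still active" for name in realms if name in REPLACED_REALMS]
        if EPHESOFT_REALM not in realms:
            findings.append(f"no Realm with className {EPHESOFT_REALM}")
    for res in root.iter("Resource"):
        has_password = any(k.lower() == "datasource.password" for k in res.attrib)
        if has_password and res.get("factory") != ENC_FACTORY:
            findings.append(f"Resource {res.get('name')} has a password but factory is {res.get('factory')}")
    return findings

# Constructed samples (not taken from a real installation); ENC_PLACEHOLDER stands for Encryptor output.
SAMPLE_PROPS = "password.use_encryption=true\npassword.encrypt=false\n"
SAMPLE_BEFORE = """<Server><Engine>
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
  <Realm className="org.apache.catalina.realm.JNDIRealm" connectionPassword="PLAINTEXT_PLACEHOLDER"/>
  <Resource name="jdbc/example" factory="com.zaxxer.hikari.HikariJNDIFactory" dataSource.password="PLAINTEXT_PLACEHOLDER"/>
</Engine></Server>"""
SAMPLE_AFTER = """<Server><Engine>
  <!-- <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> -->
  <Realm className="com.ephesoft.realm.EphesoftRealm" connectionPassword="ENC_PLACEHOLDER"/>
  <Resource name="jdbc/example" factory="com.zaxxer.hikari.encryption.EncryptedHikariJNDIFactory" dataSource.password="ENC_PLACEHOLDER"/>
</Engine></Server>"""

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, check_server_xml(text))
    print("flags", check_encryption_flags(SAMPLE_PROPS))
```

The script checks configuration structure only; it cannot tell whether a password value is actually Encryptor output, so the values themselves still need a manual review.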

 


Abhishek Jain