APEXExport Utility - Encrypt Password?

Hi,
I was wondering if there's a way to encrypt the password for the APEXExport utility? The utility works very nicely, but due to security purposes, I can't have the unencrypted password sitting there. I wanted to schedule it to run daily as a job, but the password would be an issue on the server.
Thanks,
Nora

If you've licensed the Advanced Security Option for the database, you can use the Oracle Wallet Manager to store encrypted passwords for use with batch utilities and shell scripts.
Tyler

Similar Messages

RBACx Encrypted Password Change Utility

Hi all,
In the OIA/SRM installation guide, there is a reference to a tool, to find out the password of rbacxservice.
"Oracle Identity Analytics utilizes an encrypted password when communicating with the database.
To change the default database password, use the RBACx Encrypted Password Change Utility"
Could you please help me finding out this tool.
Many thanks in advance.
Warm regards,
Manipradeep Sunku.

The mentioned tool only encrypts the password so that you don't have to store a plain text password in the config file. It does not decrypt it. The default rbacxservice password is rbacxservice.
The tool does not come with the OIA/SRM distribution so if you need it, you will need to contact support.

Utility to generate the triple des (3DES) encrypted password in wl 6.1?

To take advantage of the encrypted passwords in config.xml, as of wl 6.1, is
there a weblogic utiltiy or api tha could be used to encrypt plaintext into
the triple-des symmetric key PRIOR to having an SA or DBA type it into the
console? This would help me greatly in the deployment and security of
passwords.
Thanks in Advance,
Steve Rogers

Hi,
Thank you for your question.
I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
Thank you for your understanding and support.
Best Regards,
Aiden
Aiden Cao
TechNet Community Support

How can i find my encryption password?

i totally forgot my encryption password and i need help...

Hello APaq17. Welcome to the Apple Discussions!
According to my deskside support i need to figure out my SSID.
The SSID is the same as the wireless Network Name. By default, your AirPort Express Base Station (AX) will broadcast a wireless network with a Network Name of "Apple Network NNNNNN" unless you changed it.
How do i find my encryption type?
By default, the AX's wireless network would be unencrypted. You enable wireless encryption by using the AirPort Utility. Depending on the model of your AX, it should be capable of providing the following security types: WEP, WPA, & WPA2.
(ref: AirPort Utility > Select the AX > Manual Setup > AirPort > Wireless > Wireless Security)
Where can i find my password or network key?
Again this would be something you would have created when enabling wireless encryption.

How to encrypt password with hash function in Java?

Hello, everybody!
I will need to store user passwords in a database, but for stronger security I want to store these passwords hashed, so I know I will need a column for the password and for the salt value.
So, I'd like that you indicate me a very good article or tutorial (preferable from Sun) that shows me how to use Java to encrypt and decrypt passwords with hash. It doesn't necessarily need to deal with database. I can implement this part myself after seeing how Java manage encryption with hash functions.
Thank you very much.
Marcos

I will tell you more precisely what I want to get better for you to help me.
As I said I implemented in .NET what I need to implement in Java now. In my
database I have a table with this structure (I omitted that columns that are not
necessary to our discussion):
CREATE TABLE EMPLOYEES
ID NOT NULL PRIMARY KEY,
PASSWORD VARCHAR(40), -- password encrypted
HASH_SALT VARCHAR(10) -- salt value used to encrypt password
So, in the table I have a column to store the password encrypted and a column to
store the salt value.
Below is a little utility class (in C#) that I use to generate the salt and
the hashed password.
public static class PasswordUtilities
    public static string GenerateSalt()
        RNGCryptoServiceProvider encoder = new RNGCryptoServiceProvider();
        byte[] buffer = new byte[5];
        encoder.GetBytes(buffer);
        return Convert.ToBase64String(buffer);
    public static string EncryptPassword(string password, string salt)
        string encryptedPassword =
            FormsAuthentication.HashPasswordForStoringInConfigFile(
            password + salt, "SHA1");
        return encryptedPassword;
}As you can see, the class is fairly simple. It only has two methods: one to
generate the salt value that will be used to encrypt the password and another
one to encrypt the password. The method HashPasswordForStoringInConfigFile of
the FormsAuthentication class is what really hash the password with the salt
value. This class belongs to the .NET library, so we can't see its source code,
but it doesn't matter for our discussion as I know that we can implement
something similar in Java.
Below is a little sample code showing the use of the utility class above to
encrypt a password.
public class Encrypt
    public static void Main(string args[])
        string password = "Secret";
        string salt = PasswordUtilities.GenerateSalt();
        string encryptedPassword = PasswordUtilities.EncryptPassword(password, salt);
        // now I store 'encryptedPassword' in the PASSWORD column and 'salt'
        // in the HASH_SALT column in the EMPLOYEES table.
}To verify if a password is correct I can use the code below:
public class VerifyPassword
    public static void Main(string args[])
        string password = GetPasswordFromUser();
        // Let's assume that employee is an instance that corresponds to a row
        // in the database and the properties HashSalt and Password correspond
        // to the HASH_SALT and PASSWORD columns respectively.
        Employee employee = GetEmployeeFromDatabase(1);
        string salt = employee.HashSalt;
        string encryptedPassword = PasswordUtilities.EncryptPassword(password, salt);
        bool passwordMatch = employee.Password.Equals(encryptedPassword);
        System.Console.WriteLine(passwordMatch);
}The only thing that interest me in this discussion is the PasswordUtilities class.
As you saw its code is in C#, using the .NET framework libraries.
What I want is to have this same little class coded in Java, to generate the salt
value and to encrypt the password passed in using salt value generated. If you could
help me to do that with articles that have what I want or with code that already do
that I would really appreciate.
Thank you in advance.
Marcos

How to encrypt password in serverstopper class??

Hi,
I have configured the weblogic server as windows service and currently using boot identity file for username/pw to startup. To enable graceful shutdown of the server, i am using serverstopper class. But to facilitate changing of pw, i am reading the password from a property file in which the password is stored in plain text format. Is there a way to encrypt the password and configure serverstopper class to use the encrypted password or the serverstopper class can use boot identity file to shutdown? When i tried the serverstopper class without username/pw, i am not able to shutdown the service and getting anonymous user can't shutdown the service. Thanks in advance for your reply.
Thanks,
Kuppusamy.V.,

Hi Kuppuswamy,
Here is the simple "WLST interpreter script", I didn't have time so tried to keep java code as simple as possible(didn't follow good coding practices :-( ). Before executing this java program you need to generate keys. Below is the procedure for that.
Assumption :-
BEA_HOME :- /usr/VASVijay/bea10mp1
WL_HOME :- BEA_HOME/wlserver_10.0
1) Go to WL_HOME/server/bin and set the environment by executing "setWLSEnv.sh".
2) Then execute below command which generate "userconfig" and "userkey" files in the directory you had execute this command
java weblogic.Admin -adminurl t3://adminserverl:port -username <adminusername> -password <adminpassword> -userconfigfile userconfig -userkeyfile userkey -STOREUSERCONFIG
This command prompts for "Y" or "N", select "Y", then creates two files "userconfig" and "userkey"
3) Validate above keys are correct, execute below command
java weblogic.Admin -adminurl t3://adminserverl:port -userconfigfile userconfig -userkeyfile userkey -GETSTATE
Above command should display "RUNNING".
4) Compile below java code and execute. Change the server name(VASMS1) in "shutdown('VASMS1','Server') according to your server name.
import java.util.*;
import weblogic.management.scripting.utils.WLSTInterpreter;
import org.python.util.InteractiveInterpreter;
public class VASServerShutdown
static InteractiveInterpreter interpreter = null;
VASServerShutdown()
interpreter = new WLSTInterpreter();
private static void connect()
StringBuffer buffer = new StringBuffer();
buffer.append("connect(userConfigFile='/usr/VASVijay/VASDomains/VASNewDomain/userconfig',userKeyFile='/usr/VASVijay/VASDomains/VAS
NewDomain/userkey',url='t3://localhost:8001') \n");
buffer.append("print(cmo)");
interpreter.exec(buffer.toString());
public static void serverShutdown()
StringBuffer buffer = new StringBuffer();
buffer.append("shutdown('VASMS1','Server')");
interpreter.exec(buffer.toString());
public static void main(String args[])
new VASServerShutdown();
connect();
serverShutdown();
Let me know if you have any issues or you require something additional.
Thanks.
Vijay Bheemineni.
Edited by: VAS Vijay Bheemineni on Nov 3, 2009 9:18 PM

HT5624 Hello, how do I reset my encrypted password

I can't recall my encrypted password for my back up. How do I remove the password?

You will have to guess until you get it correct, or you can just make a new backup and start fresh, unless you are on a Mac. See the instructions below.
Source: http://support.apple.com/kb/TS5162
iOS: Troubleshooting encrypted backups
Symptoms
When you restore from a backup in iTunes, you may be asked for a password to unlock the backup. Learn what to do if you can't remember or do not know your backup password.
Resolution
One of these situations may apply:
Backup encryption was enabled, but you do not know the password
An administrator installed a profile on your device that requires backup encryption
When backup encryption is first enabled, iTunes asks to enter a password and then creates a new encrypted backup for the device. iTunes will continue making encrypted backups until you deselect the Encrypt backup checkbox in the iTunes Device Summary screen. You need the backup password to disable backup encryption or to restore from an encrypted backup. The setting to encrypt backups is stored on the device.
You can keep trying to restore the device from backup until you remember the password. If you're having trouble, try:
Leaving the password field blank
Your Apple ID password
Your computer account password, if you have one
Email passwords you may have used
Your Wi-Fi network password
Website passwords you may have used
A password for hard-disk encryption software, if you use it
If you have ever had a VPN connection or an Exchange email account set up on your iOS device, try using the password associated with those accounts. If you have changed your password for that account in the past, try using an old password. If that doesn’t work, contact the administrator for the account and see if they have a default password enabled on the account.
Profiles are common when the device is part of an enterprise deployment and may be required for Exchange, VPN, or internal security. Administrators make iOS Profiles using the iPhone Configuration Utility or Apple Configurator. Profiles may enforce backup encryption. The first time your device syncs after such a profile is installed, you must enter a backup password. In some cases, an administrator may have synced the device for you and entered the backup password then. If so, ask the administrator who issued the device to you for the backup password.
Mac only: Password saved in Keychain
If you are using OS X, the password might be saved in Keychain Access. Follow these steps to see if this is the case:
Open iTunes Preferences and select the Devices tab. Note the time of the device’s backup.
Right-click the desired backup and choose "Show in Finder".
Finder should now be open, showing the backup selected. Click the Edit menu and choose Copy.
Open Keychain Access from /Applications/Utilities/.
Paste the backup folder's name into the search box in the top-right corner of Keychain Access.
If there is a password for the backup, you should see it in Keychain Access.
Double-click the backup in Keychain Access.
Click the button “Show password”.
You may be asked to enter your login keychain password. After doing so, click Allow. You should see your backup password.
Use this password to restore from your backup.

Encryption password in ep5sp5

HI,
In instaaltion of ep5sp5 the installer requires an encryption key along with admin user id and password can anybody tell me how this key will be useful after installation .I mean what is use of that key?
Best Regards,
Tuhin

Hi Tuhin,
I have not done this in SP5. In Releases prior to SP4 there was a batch utility you had to run to update the passwords I believe that is where you had to specify encryption password.
I don't believe it is being used for the private keey generation but I'm not sure. I don't think there is a security guide for EP5. You may be able to find the answer in the Administration guide. For security topics in general, you may look on service marketplace for EP6 Sp2 security guide. There is lots of good information in there.
John

Default Encrypted Password

Dear All,
i want to insert encrypted Password of 'password' string into table user_dtl column PASSWORD .
How can i insert Encripted password into table.
Thanks

Hi Vedant,
See the CUSTOM_HASH function that is installed with sample application in the APEX.
Here is the code for it:
create or replace function custom_hash (p_username in varchar2, p_password in varchar2)
return varchar2
is
l_password varchar2(4000);
l_salt varchar2(4000) := 'XFSPL28ZTWEWWM6FHWMK68AG5NQVLU';
begin
-- This function should be wrapped, as the hash algorithm is exposed here.
-- You can change the value of l_salt or the method of which to call the
-- DBMS_OBFUSCATOIN toolkit, but you much reset all of your passwords
-- if you choose to do this.
l_password := utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5
(input_string => p_password || substr(l_salt,10,13) || p_username ||
substr(l_salt, 4,10)));
return l_password;
end;
i want to insert encrypted Password of 'password' string into table user_dtl column PASSWORD.The above function will give the encrypted password which can be inserted into USER_DTL as follows:
INSERT INTO USER_DTL(USERNAME,PASSWORD) VALUES(:P1_USERNAME, CUSTOM_HASH(:P1_USERNAME,:P1_PASSWORD))Be sure that PASSWORD column in USER_DTL is of type VARCHAR2 and of adequate length as to accommodate the encrypted password.
Hope it helps!
Regards,
Kiran

Reset encryption password for NEW iPhone backups

Hello Everyone,
I have an iPhone and iPad which are currently working perfectly. However during testing I figured out that I somehow lost my iTunes backup encryption password. As such I figured I would just change the backup password, delete the old backups, and create NEW backups for which I do know the password to and all would be good (and ready for a future device failure.)
However it appears that iTunes will not allow you to change or disable the encryption password for NEW backups without first knowing the old encryption password. Does anyone know if a way around this?
Thank you for your time.

Thanks!

Encrypted Password in AIAConfigurationProperties.xml

Hi,
During the installation of Primavera P6 to EBS Projects PIP, the Password is getting encrypted in the Service Configuration in AIAConfigurationProperties.xml. Is there any script that we can run so that we can avoid the encryption of the password there by having the flexibility to change the un-encrypted Password as and when required?
<Property name="User.P6EPPM_01.Name">primavera</Property>
<Property name="User.P6EPPM_01.pwd">Se8bfsuMJNvYmKB4mg9L3w==</Property>
Your pointers will be highly appreciated!
Regards,
Chaitanya

Try this:
There's a script that can be used to re-encrypt a new password. If the cleartext password is, say, welcome1, do the following -
- Go to AIA_HOME/Infrastructure/install/install/wlscripts/config
- Run command: ./encrypt.sh welcome1
This is useful for re-encrypting any of the passwords that are captured during installation in the deploy.properties file. I can't say for sure that it is the same encryption that is used for the P6 credentials, but it's worth a try.

ITunes will not let me backup and sync to new phone encrypted password??

iTunes will not let me backup and sync to new phone encrypted password?? I've never set a password for my old iPhone 3gs but tried my old Apple ID sign-in passwords to no avail. I've simply sat here so frustrated....my husband sync'd his new iPhone 4 no problem, somehow the checkbox shows Encrypted password and I'm at a loss on how to change this/find the password and transfer my old backup onto my new phone so I can use it. Can anyone help? Tnx

John,
buy an iTunes Music Card and redeem it to your account - the "none" option should be available then.

LDIF Importing a user with a non-encrypted password fails, anywork arounds?

I was able to import a group without issue:
dn: cn=Authenticated,cn=Groups,dc=oraclelinux,dc=com
description: test group
objectClass: top
objectClass: groupOfUniqueNames
uniqueMember: cn=orcladmin,cn=People,dc=oraclelinux,dc=com
cn: Authenticated
But when I try to import a standard user:
dn: cn=testuser2,cn=Users, dc=oraclelinux, dc=com
userpassword:: password1
description: test user
objectClass: top
objectClass: person
sn: testuser2
cn: testuser2
It fails if I remove the password field then I can import the user without issue, but I need to include the password field as it is part of what was exported from the old LDAP Server.
If I create a user in an ldif import it then add a password using oracle's Directory Manager upon exporting it the entry loks like:
dn: cn=testuser, cn=Users, dc=oraclelinux, dc=com
authpassword;orclcommonpwd: {MD5}fGoYCzaJagqMAnh+6vsOTA==
authpassword;orclcommonpwd: {X- ORCLLMV}E52CAC67419A9A2238F10713B629B565
authpassword;orclcommonpwd: {X- ORCLNTV}5835048CE94AD0564E29A924A03510EF
authpassword;oid: {SASL/MD5}tUquh+Duowh2aWSEwONtcQ==
authpassword;oid: {SASL/MD5-DN}lcQ7Z5O5vcwzXMeaZ65fYw==
authpassword;oid: {SASL/MD5-U}AAWzkmDDCJLbs9mxoWBTiw==
userpassword:: e1NIQX00NHJTRkpROXF0SFdUQkF2cnNLZDVLL3AyajA9
description: test user
objectclass: top
objectclass: person
sn: testuser
cn: testuser
Changing my imported ldif to look like the following WORKS:
dn: cn=testuser2,cn=Users, dc=oraclelinux, dc=com
userpassword:: e1NIQX00NHJTRkpROXF0SFdUQkF2cnNLZDVLL3AyajA9
description: test user
objectClass: top
objectClass: person
sn: testuser2
cn: testuser2
So the password must be encrypted then?, if so how to I generate a password hash on the command-line and through JAVA?
Can an import be forced with a plain text password (Tivoli, SUN both support this functionality).
Can I change the constraint that the password must contain a numeric char? (Found in document: http://download-uk.oracle.com/docs/cd/B28196_01/idmanage.1014/b15991/pwdpolicies.htm#g1051713)
After fixing the constaints I can import a non-encrypted password from an ldif, but it can not be verified and only the authpassword;oid entries are created not the authpassword;orclcommonpwd entries.
Thanks for your assistance,
ERIC GANDT

Eric, my first guess would be that the OID password policy prevents loading of the password i.e. the password doesn't match the existing password policy.
What version is your "old" OID and what is the version of the current OID you're using?
What is the error msg you get?
regards,
--Olaf

Doubts regarding db connection with encrypted password usage in sandbox

Hi All,
We have setup the db connection using configuration file. The configuration file contains db connection information including the encrypted password.
Below are my doubts:
1. If we are going to import the ETL project in zip file directly into the sandbox can we run the graphs directly or we need to check how the password which is encrypted in configuration file will be decoded.
2. Can we directly modify the configuration file for db connection like db connection,user name and password. Suppose I want the graphs to run in some other database which is not specified in configuartion fiel .Can I directly update that?
3.Is it possible to change the encrypted password in the configuration file in the sandbox. Is it that we need to create the project in Integrator Designer, change the password using the Integrator Designer, and then copy the encrypted password into the configuration file in sandbox, or the Endeca provides a functionality to allow user to directly change the password in the sandbox on the Integrator server.
Can someone please let me know their comments on above.
Thanks in Advance.
Regards,
Amrit

can someone please help me on this issue

Powershell script monitor with encrypted password

I have created a powershell script based monitor in my management pack and everything is ok but I can't get my credentials work inside the script. I want to open pssession to another computer with my credentials. I have triple checked that my pssession is
working because I can access it from powershell console.
This works perfectly at local server from PSconsole:
$EncryptedPassword ="01000000d08c9ddf0115d1118c7a00c04fc297eb01000000534b2....etc...etc..."
$pw = convertto-securestring -String $EncryptedPassword
$cred = new-object System.Management.Automation.PSCredential -argumentlist "MyDOMAIN\MyACCOUNT",$pw
$s = New-PSSession -ComputerName "MyServer" -Port MyPort -Credential $cred
But when I run the same lines inside my management pack the convertto-securestring
does nothing, it just wont convert the encrypted password to secure string!
I have tried this plain text method and it works
inside my management pack, but I don't want to use it because you can see the password in plain text:
ConvertTo-SecureString -String "myPlainTextPassword" -AsPlainText -Force
This is the $error variable, so it's basically says that I don't have anything in the password secure string variable because the convertion did not work for some reason:
The argument is null. Provide a valid value for the argument, and then try running the command again. Cannot process argument transformation on parameter 'Credential'. PromptForCredential Exception calling ".ctor" with "2" argument(s):
"Cannot process argument because the value of argument "password" is null. Change the value of argument "password" to a non-null value." The system cannot find the file specified. Exception calling "SecureStringToBSTR"
with "1" argument(s): "Value cannot be null. Parameter name: s" The system cannot find the file specified. Exception calling "SecureStringToBSTR" with "1" argument(s): "Value cannot be null. Parameter name: s"
The system cannot find the file specified.
So is there some known issue with SCOM Agent / management pack when you are dealing with convertto-securestring
function with encrypted passwords?
I used these methods to encrypt the password: Technet article about encryption

I got it to work!
<TypeDefinitions>
<EntityTypes>
<ClassTypes>
<ClassType ID="MyClass" Accessibility="Public" Abstract="false" Base="Windows!Microsoft.Windows.LocalApplication" Hosted="true" Singleton="false" Extension="false"
/>
</ClassTypes>
</EntityTypes>
<SecureReferences>
<SecureReference ID="MyRunAsAccountProfile" Accessibility="Public" Context="System!System.Entity" />
</SecureReferences>
<ScriptBody>param (
[string]$Username,
[string]$Password
$API = new-object -comObject "MOM.ScriptAPI"
$PropertyBag = $API.CreatePropertyBag()
$cred = New-Object System.Management.Automation.PSCredential -Argumentlist @($Username,(ConvertTo-SecureString -String $Password -AsPlainText -Force))
$s = New-PSSession -ComputerName "myserver" -Credential $cred
Invoke-Command -Session $s -ScriptBlock { $service = Get-Service -Name Spooler}
$invcom = Invoke-Command -Session $s -ScriptBlock { $service.status}
Remove-PSSession -Id $s.Id
if ($invcom.Value -ne "Running") {
$PropertyBag.AddValue("State","ERROR")
$outputLongLine = "Spooler Service is not running on target server!"
$PropertyBag.AddValue("Description", $outputLongLine)
else {
$PropertyBag.AddValue("State","OK")
$outputLongLine = "Spooler is Running on target server."
$PropertyBag.AddValue("Description", $outputLongLine)
$PropertyBag</ScriptBody>
<Parameters>
<Parameter>
<Name>Username</Name>
<Value>$RunAs[Name="MyRunAsAccountProfile"]/Domain$\$RunAs[Name="MyRunAsAccountProfile"]/UserName$</Value>
</Parameter>
<Parameter>
<Name>Password</Name>
<Value>$RunAs[Name="MyRunAsAccountProfile"]/Password$</Value>
</Parameter>

APEXExport Utility - Encrypt Password?

Similar Messages

Maybe you are looking for