Encrypting password in xml file

Similar Messages

• Bouncy Castle Encryption for Large XML Files?

  Hi,
  I am trying to encrypt files > 8 KB using the KeyBasedLargeFileProcessor Utility class of Bouncy Castle.
  It's encrypting the file. But, unable to decrypt the same encrypted file. Hence it's encrypting incorrectly.
  While trying to decrypt the encrypted file, it says "It was encrypted with a key (4E616D65) that does not exist"
  Please suggest what change needs to be made in the 'encryptFile' method where it says -
  "OutputStream cOut = cPk.open(out, new byte[1 << 16]);"
  I tried changing the value, but it doesn't work. The maximum file size that we may encrypt is around 3 MB.
  The files that are being encrypted / decrypted are XML files.
  Any inputs are highly appreciated.
  Thanks,
  Tan

  While trying to decrypt the encrypted file, it says "It was encrypted with a key (4E616D65) that does not exist" So use the same key you encrypted with.
  Please suggest what change needs to be made in the 'encryptFile' method where it says -
  "OutputStream cOut = cPk.open(out, new byte[1 << 16]);" Do you have some evidence that that's where the problem is?

• Reading Encrypted Password from Configuration File and Decrypt it at login

  Hi All,
  My application reads a configuration file to connect to the ORACLE database. The values defined for password are clear text as given below:
  user: 'mh'
  password='abcd1234'
  Is there is any way I can give an encrypted password in the configuration file instead of a clear text file and at the time of login ORACLE decrypts it. I am using ORACLE 11g Database.
  My company have a requirement that passwords are not stored in the clear in properties files. the reason being I suppose that if the password is stored in plaintext someone could hit the property file directly, get the password and then connect to the database with it.
  For a regular user connecting through an Oracle client or SQL Developer they would need to have the plaintext password in order to connect.
  its based on the requirements of
  International Standards Organization Guidance
  ISO 17799 � 9.5.4 requires password management systems to:
  � enforce the use of individual passwords
  � allow users to select and change their own passwords if appropriate
  � enforce a choice of quality passwords
  � force regular changes of passwords
  � maintain a record of previous user passwords to prevent re-use
  � not display passwords when they are being entered
  � store password files separately from application system data
  � store passwords in encrypted form using a one way encryption algorithm
  � alter default vendor passwords following installation of software
  So if I can store the password encrypted using a one way algorithm then hacker/user couldn't decrypt it and then access the database.
  I have feeling there is a way of configuring this in Oracle advanced Security, but just can't quite get it to work.
  Edited by: user5568473 on 20-May-2013 00:05

  So if I can store the password encrypted using a one way algorithm then hacker/user couldn't decrypt it and then access the database.... and neither can your application. Encryption is needed in this case. The decryption must be written into your application. I've written my own in some cases, but finding a library for your development language is a smarter solution.
  One alternative is using an Oracle wallet. It doesn't fit every circumstance and does have some maintenance headaches.
  You can set up a basic secure password store to encrypt and store the password for a given user@instance combination, and then connect to the database without passing a password. SQL*Net adds in the appropriate password from the wallet for when you connect.
  http://www.oracle.com/technetwork/database/security/twp-db-security-secure-ext-pwd-stor-133399.pdf
  Advanced Security Option also allows you to set up a Public Key Infrastructure connections (SSL encryption and/or authentication). It also uses a wallet to store the SSL certificates and credentials. I don't have personal experience on this approach.
  SSL and the wallet allow you to connect to the database similar to CONNECT/@net_service_name or sqlplus /@net_service_namehttp://docs.oracle.com/cd/B28359_01/network.111/b28530/asossl.htm#CIHCBIEG

• Connection has no password, -jdbc.xml file not generated for connection

  Hi,
  I'm migrating a jdev 10g web application (with EJB) to 11g, i did the automatic migration tool offred by 11g, i'm using the integrated weblogic server but it seems there is a *-jdbc.xml file missed, and it must be generated, this is the log file of the start of server :
  IntegratedWebLogicServer started.
  [Running application SAB_ADMIN on Server Instance IntegratedWebLogicServer...]
  [09:14:15 AM] ---- Deployment started. ----
  [09:14:15 AM] Target platform is (Weblogic 10.3).
  [09:14:18 AM] Retrieving existing application information
  [09:14:19 AM] Running dependency analysis...
  [09:14:19 AM] Deploying 4 profiles...
  [09:14:21 AM] Wrote Web Application Module to C:\Users\Moshe\AppData\Roaming\JDeveloper\system11.1.1.3.37.56.60\o.j2ee\drs\SAB_ADMIN\ViewControllerWebApp.war
  [09:14:21 AM] Wrote Web Application Module to C:\Users\Moshe\AppData\Roaming\JDeveloper\system11.1.1.3.37.56.60\o.j2ee\drs\SAB_ADMIN\ModelWebApp.war
  [09:14:25 AM] Wrote EJB Module to C:\Users\Moshe\AppData\Roaming\JDeveloper\system11.1.1.3.37.56.60\o.j2ee\drs\SAB_ADMIN\ModelEJB.jar
  [09:14:25 AM] WARNING: Connection DBConnectionSAB has no password. DBConnectionSAB-jdbc.xml file not generated for connection DBConnectionSAB.
  [09:14:26 AM] Wrote Enterprise Application Module to C:\Users\Moshe\AppData\Roaming\JDeveloper\system11.1.1.3.37.56.60\o.j2ee\drs\SAB_ADMIN
  [09:14:26 AM] Deploying Application...
  <14 oct. 2010 09 h 14 GMT+01:00> <Notice> <EclipseLink> <BEA-2005000> <2010-10-14 09:14:28.065--ServerSession(40464643)--property eclipselink.jdbc.user is deprecated, property javax.persistence.jdbc.user should be used instead.>
  <14 oct. 2010 09 h 14 GMT+01:00> <Notice> <EclipseLink> <BEA-2005000> <2010-10-14 09:14:28.299--ServerSession(40464643)--property eclipselink.jdbc.driver is deprecated, property javax.persistence.jdbc.driver should be used instead.>
  <14 oct. 2010 09 h 14 GMT+01:00> <Notice> <EclipseLink> <BEA-2005000> <2010-10-14 09:14:28.299--ServerSession(40464643)--property eclipselink.jdbc.url is deprecated, property javax.persistence.jdbc.url should be used instead.>
  <14 oct. 2010 09 h 14 GMT+01:00> <Notice> <EclipseLink> <BEA-2005000> <2010-10-14 09:14:28.299--ServerSession(40464643)--property eclipselink.jdbc.password is deprecated, property javax.persistence.jdbc.password should be used instead.>
  <14 oct. 2010 09 h 14 GMT+01:00> <Warning> <EJB> <BEA-012035> <The Remote interface method: 'public abstract java.lang.Object oracle.user.Session_user.mergeEntity(java.lang.Object)' in EJB 'SessionEJB' contains a parameter of type: 'java.lang.Object' which is not Serializable. Though the EJB 'SessionEJB' has call-by-reference set to false, this parameter is not Serializable and hence will be passed by reference. A parameter can be passed using call-by-value only if the parameter type is Serializable.>
  <14 oct. 2010 09 h 14 GMT+01:00> <Warning> <EJB> <BEA-012035> <The Remote interface method: 'public abstract java.lang.Object oracle.user.Session_user.persistEntity(java.lang.Object)' in EJB 'SessionEJB' contains a parameter of type: 'java.lang.Object' which is not Serializable. Though the EJB 'SessionEJB' has call-by-reference set to false, this parameter is not Serializable and hence will be passed by reference. A parameter can be passed using call-by-value only if the parameter type is Serializable.>
  <14 oct. 2010 09 h 14 GMT+01:00> <Warning> <EJB> <BEA-012035> <The Remote interface method: 'public abstract java.lang.Object oracle.bouton.Session_bouton.mergeEntity(java.lang.Object)' in EJB 'Session_bouton' contains a parameter of type: 'java.lang.Object' which is not Serializable. Though the EJB 'Session_bouton' has call-by-reference set to false, this parameter is not Serializable and hence will be passed by reference. A parameter can be passed using call-by-value only if the parameter type is Serializable.>
  <14 oct. 2010 09 h 14 GMT+01:00> <Warning> <EJB> <BEA-012035> <The Remote interface method: 'public abstract java.lang.Object oracle.bouton.Session_bouton.persistEntity(java.lang.Object)' in EJB 'Session_bouton' contains a parameter of type: 'java.lang.Object' which is not Serializable. Though the EJB 'Session_bouton' has call-by-reference set to false, this parameter is not Serializable and hence will be passed by reference. A parameter can be passed using call-by-value only if the parameter type is Serializable.>
  <14 oct. 2010 09 h 14 GMT+01:00> <Warning> <EJB> <BEA-012035> <The Remote interface method: 'public abstract java.lang.Object oracle.operation.Session_operation.mergeEntity(java.lang.Object)' in EJB 'Session_operation' contains a parameter of type: 'java.lang.Object' which is not Serializable. Though the EJB 'Session_operation' has call-by-reference set to false, this parameter is not Serializable and hence will be passed by reference. A parameter can be passed using call-by-value only if the parameter type is Serializable.>
  <14 oct. 2010 09 h 14 GMT+01:00> <Warning> <EJB> <BEA-012035> <The Remote interface method: 'public abstract java.lang.Object oracle.operation.Session_operation.persistEntity(java.lang.Object)' in EJB 'Session_operation' contains a parameter of type: 'java.lang.Object' which is not Serializable. Though the EJB 'Session_operation' has call-by-reference set to false, this parameter is not Serializable and hence will be passed by reference. A parameter can be passed using call-by-value only if the parameter type is Serializable.>
  <14 oct. 2010 09 h 14 GMT+01:00> <Notice> <EclipseLink> <BEA-2005000> <2010-10-14 09:14:29.656--ServerSession(42285779)--property eclipselink.jdbc.user is deprecated, property javax.persistence.jdbc.user should be used instead.>
  <14 oct. 2010 09 h 14 GMT+01:00> <Notice> <EclipseLink> <BEA-2005000> <2010-10-14 09:14:29.656--ServerSession(42285779)--property eclipselink.jdbc.driver is deprecated, property javax.persistence.jdbc.driver should be used instead.>
  <14 oct. 2010 09 h 14 GMT+01:00> <Notice> <EclipseLink> <BEA-2005000> <2010-10-14 09:14:29.656--ServerSession(42285779)--property eclipselink.jdbc.url is deprecated, property javax.persistence.jdbc.url should be used instead.>
  <14 oct. 2010 09 h 14 GMT+01:00> <Notice> <EclipseLink> <BEA-2005000> <2010-10-14 09:14:29.656--ServerSession(42285779)--property eclipselink.jdbc.password is deprecated, property javax.persistence.jdbc.password should be used instead.>
  <14 oct. 2010 09 h 14 GMT+01:00> <Error> <HTTP> <BEA-101371> <There was a failure when processing annotations for application C:\Users\Moshe\AppData\Roaming\JDeveloper\system11.1.1.3.37.56.60\o.j2ee\drs\SAB_ADMIN\ModelWebApp.war. Please make sure that the annotations are valid. The error is oracle.adf.view.faces.webapp.ResourceServlet>
  <14 oct. 2010 09 h 14 GMT+01:00> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment request with ID '1287044066833' for task '0'. Error is: 'weblogic.application.ModuleException: Failed to load webapp: 'SAB_CRUD-Model-context-root''
  weblogic.application.ModuleException: Failed to load webapp: 'SAB_CRUD-Model-context-root'
       at weblogic.servlet.internal.WebAppModule.prepare(WebAppModule.java:404)
       at weblogic.application.internal.flow.ScopedModuleDriver.prepare(ScopedModuleDriver.java:180)
       at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
       at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:508)
       at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:41)
       Truncated. see log file for complete stacktrace
  Caused By: java.lang.ClassNotFoundException: oracle.adf.view.faces.webapp.ResourceServlet
       at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:280)
       at weblogic.utils.classloaders.GenericClassLoader.findClass(GenericClassLoader.java:253)
       at weblogic.utils.classloaders.ChangeAwareClassLoader.findClass(ChangeAwareClassLoader.java:56)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:303)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
       Truncated. see log file for complete stacktrace

  This is the content of my web.xml file where i found the markup <servlet> and i tried to run without the first one but the error still like it was :
  <servlet>
  <servlet-name>Faces Servlet</servlet-name>
  <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>resources</servlet-name>
  <servlet-class>oracle.adf.view.faces.webapp.ResourceServlet</servlet-class>
  </servlet>
  <servlet>
  <servlet-name>resources</servlet-name>
  <servlet-class>org.apache.myfaces.trinidad.webapp.ResourceServlet</servlet-class>
  </servlet>
  <servlet>
  <description>Web Service MyConnexionServiceSoapHttpPort</description>
  <display-name>Web Service MyConnexionServiceSoapHttpPort</display-name>
  <servlet-name>MyConnexionServiceSoapHttpPort</servlet-name>
  <servlet-class>oracle.controll.ConnexionBaseDeDonnees</servlet-class>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet>
  <servlet-name>ResultatRequetePort</servlet-name>
  <servlet-class>oracle.controll.ResultatRequete</servlet-class>
  <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
  <servlet-name>Faces Servlet</servlet-name>
  <url-pattern>/faces/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>resources</servlet-name>
  <url-pattern>/adf/*</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>MyConnexionServiceSoapHttpPort</servlet-name>
  <url-pattern>MyConnexionServiceSoapHttpPort</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>ResultatRequetePort</servlet-name>
  <url-pattern>/ResultatRequetePort</url-pattern>
  </servlet-mapping>
  Thanks...

• How create encrypted/password-protected zip file?

  Any idea if there's a way with the Java API to create an encrypted and password-protected ZIP file? I know how to create a zip file with Java, but I need encryption and password protection.

  Thanks for the link, but that's not a solution. It's 3 years old (and still not resolved) and I'm looking for a Java solution.

• Can you encrypt the rdlc xml file to keep someone from changing it?

  this idea goes with my post on licensing reports.  Is it possible to deploy an encrypted rdlc file and have custom SSRS pages that will decrypt it, run it, manage it, etc?  We were thinking what is the point of custom SSRS pages for licensing if the rdlc is just a plain xml file any one can see, change, copy, etc.
  thanks

  I want to encrypt RDLC file too.

• Best method for encrypting/decrypting large XML files ( 100MB)

  I am in need of encrypting XML for large part files that can get upwards of 100Mb+.
  I found some articles and code, but the only example I was successful in getting to work used XMLCipher, which takes a Document, parses it, and then encrypts it.
  Obviously, 100Mb files do not cooperate well with DOM, so I want to find a better method for encryption/decryption of these files.
  I found some articles using a CipherInputStream and CipherOutputStreams, but am not clear if this is the way to go and if this will avoid memory errors.
  import java.io.*;
  import java.security.spec.AlgorithmParameterSpec;
  import javax.crypto.*;
  import javax.crypto.spec.IvParameterSpec;
  public class DesEncrypter {
      Cipher ecipher;
      Cipher dcipher;
      public DesEncrypter(SecretKey key) {
          // Create an 8-byte initialization vector
          byte[] iv = new byte[]{
              (byte)0x8E, 0x12, 0x39, (byte)0x9C,
              0x07, 0x72, 0x6F, 0x5A
          AlgorithmParameterSpec paramSpec = new IvParameterSpec(iv);
          try {
              ecipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
              dcipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
              // CBC requires an initialization vector
              ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
              dcipher.init(Cipher.DECRYPT_MODE, key, paramSpec);
          } catch (java.security.InvalidAlgorithmParameterException e) {
          } catch (javax.crypto.NoSuchPaddingException e) {
          } catch (java.security.NoSuchAlgorithmException e) {
          } catch (java.security.InvalidKeyException e) {
      // Buffer used to transport the bytes from one stream to another
      byte[] buf = new byte[1024];
      public void encrypt(InputStream in, OutputStream out) {
          try {
              // Bytes written to out will be encrypted
              out = new CipherOutputStream(out, ecipher);
              // Read in the cleartext bytes and write to out to encrypt
              int numRead = 0;
              while ((numRead = in.read(buf)) >= 0) {
                  out.write(buf, 0, numRead);
              out.close();
          } catch (java.io.IOException e) {
      public void decrypt(InputStream in, OutputStream out) {
          try {
              // Bytes read from in will be decrypted
              in = new CipherInputStream(in, dcipher);
              // Read in the decrypted bytes and write the cleartext to out
              int numRead = 0;
              while ((numRead = in.read(buf)) >= 0) {
                  out.write(buf, 0, numRead);
              out.close();
          } catch (java.io.IOException e) {
  }This looks like it might fit, but there is one more twist, I am using a persistence manager and xml encoding to accomplish that, so I am not sure how (where) to implement this method without affecting persistence.
  Any guidance on what would work best in this situation would be appreciated.
  Regards,
  vbplayr2000

  I can give some general guidelines that might help, having done much similar work:
  You have 2 different issues, at least from my reading of your problem:
  1) How to deal with large XML docs that most parsers will not handle without memory issues
  2) Where to hide or "black box" the encrypt/decrypt routines
  #1: Check into XPP3/XMLPull. Yes, it's different that the other XML parsers you are used to using, and more work is involved, but it is blazing fast and can be used to parse a stream as it is being read. You can populate beans and process as needed since there is really not much "inversion of control" involved compared to parsers that go on to finish the entire document or load it all into memory.
  #2: Extend Serializable and write your own readObject/writeObject methods. Place the encrypt/decrypt in there as appropriate. That will "hide" the implementation and should be what any persistence manager can deal with.
  Regards,
  antarti

• Cannot encrypt Password in MDSS file...

  Hi All,
  Can in  mdss.ini file we encrypt the password for repository with user id other than Admin?
  issue is i change the password in console for Admin and then try to login datamanager with Admin user id ,but it fails saying Invalid login credentials..
  So I have to use other user id in mdss file (which has Admin role assigned to it) and restart mdss , sot that mdss can see the repository and start polling  the files in ready folder..
  This is not working..
  Any inputs ..
  Cheers!!
  Vikrant M Kelkar

  Hi Vikrant,
  Once you have changed a Users Password in MDM Console.
  You just need to restart your MDSS and enter in the new Userid and  pwd under that particulat repository. and Save it.
  This should take up the new login for auto syndication.
  Thanks & Regards
  Simona Pinto

• Encrypting password in xml

  Hi
  I want to encrypt the passwords in the xml. So I read some articles and found this method. I tried to use it in my progroam , it gives me an error, saying
  java.security.NoSuchAlgorithmException: Algorithm DESede not available
  The method is,
  public static String getEncryptedString(String input)throws Exception{
       Security.addProvider( new com.sun.crypto.provider.SunJCE() );
       Key key = null;
       KeyGenerator kg = KeyGenerator.getInstance("DES");
       key = kg.generateKey();
       Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
       cipher.init(Cipher.ENCRYPT_MODE, key);
       byte[]inputBytes = input.getBytes("UTF8");
       byte[] outputBytes = cipher.doFinal(inputBytes);
       BASE64Encoder encoder = new BASE64Encoder();
       String base64 = encoder.encode(outputBytes);
       return base64;
  Would appreciate if any one tells me why this error is thrown and how to get it working.
  Thanks
  radsat

  Cross post http://forum.java.sun.com/thread.jspa?threadID=636507&messageID=3711580#3711580

• SOA10g: Encrypt Password in oc4j-ra.xml file.

  I am using ftp adapter for SFTP operations. Is there any way to encrypt the password in oc4j-ra.xml file.
  I was trying to use encrypt.bat to encrypt the password..but when i hit the enter button , the screen gets closed.
  Pls tell me how to achieve this in soa 10g.
  Thanks,
  AB

  This is done via the 'encrypt.bat' or 'encrypt.sh' script located in your SOA Suite install.
  cd %ORACLE_HOME%\bpel\bin
  encrypt.bat mypassword
  Use the output of this command in your oc4j-ra.xml file.
  (Thank You Ahmed!! http://blog.thisisahmed.com/)

• Encrypted Password in AIAConfigurationProperties.xml

  Hi,
  During the installation of Primavera P6 to EBS Projects PIP, the Password is getting encrypted in the Service Configuration in AIAConfigurationProperties.xml. Is there any script that we can run so that we can avoid the encryption of the password there by having the flexibility to change the un-encrypted Password as and when required?
  <Property name="User.P6EPPM_01.Name">primavera</Property>
  <Property name="User.P6EPPM_01.pwd">Se8bfsuMJNvYmKB4mg9L3w==</Property>
  Your pointers will be highly appreciated!
  Regards,
  Chaitanya

  Try this:
  There's a script that can be used to re-encrypt a new password. If the cleartext password is, say, welcome1, do the following -
  - Go to AIA_HOME/Infrastructure/install/install/wlscripts/config
  - Run command: ./encrypt.sh welcome1
  This is useful for re-encrypting any of the passwords that are captured during installation in the deploy.properties file. I can't say for sure that it is the same encryption that is used for the P6 credentials, but it's worth a try.

• Passwords in All-configuration backup XML file

  Looking at the http://goo.gl/UU4cmx - for All configuration backup XML file in UCS Manager it says "This  file does not include passwords for locally authenticated users."
  When I create all configuration backup I can still see passwords when I look into the XML file but they are encrypted somehow.
  So if I create a backup and import it to some other UCS system - how  will the new system know how to decrypt the password so users will be  able to login? Thanks.

  Thanks for the elucidation.

• How do I Remove password-encryption in a PDF file

  Hello
  Can anyone help me remove the password encryption on a PDF file? I am trying to submit a PDF file to a on demand printer & they di accept the file if it is password-encrypted.
  Thanks

  I have no idea why the printer thinks there is a password? When I opened the security link in Acrobat nothing is selected? So I'm stuck. I also opened the PMD thinking there was some password attached there & I found nothing?

• I am receiving the 'Could not sign you in [Access denied: 530]. Check your user name and password' problem on Adobe Muse CC 2014 and I cannot access the xml file that is supposed to fix this issue?

  I am a PC user and I have Adobe Creative Cloud Muse 2014. I have received the 'Could not sign you in [Access denied: 530]. Check your user name and password' error when trying to upload my muse site to my ftp host, GoDaddy. I have successfully done this in the past and only recently it has stopped working. I looked online at the FAQ Adobe Muse Help | Uploading an Adobe Muse Site to a third-party hosting service and it said to download the ftpprefs.xml file but this file simply leads to a blank page that says /*Not found*//*Not found*/.
  Can someone direct me to a working page with this file or provide a different solution? Thank you!

  Hello,
  As you are getting error [Access denied: 530] it means issue is with access. Either the username and password you are entering is incorrect or you do not have proper permissions.
  I would suggest you to contact Godaddy to either reset password or reset the permissions.
  Regards
  Vivek

• HT3345 How do I open a password protected excel file created on a PC?  I get a message that the "file is encrypted and can't be opened"

  How do I open a password protected excel file created on a PC in numbers 09, on a MacBook Air?  I get a message that the "file is encrypted and can't be opened"

  This is actually not true; I support users who are doing this w/ Excel 2011 (v14.2.2+) for Mac and Windows users w/ Excel 2003 & 2007.  Win users are from finance dept, and who have pasword-protected various budget files.  The Mac users are (surprise) "creative" users, who enter pw to unlock and edit these budget files.
  These files are shared from a Mac server (running 10.6.8 server), and I do have an erratic problem where all users have read-only access to these pw-protected Excel files.  The manual work-around has been to copy the troublesome file(s) and confirm users have full access again.  I also do a shuffling of filenames, so that the new, working file has original file name.
  FYI: the Mac server POSIX and ACL permissions are correct, and don't appear to be source of the problem.
  It's easy an SMB file-locking issue or concurrent users trying to edit these files.  I keep reminding them that Excel is not a database!