Minimal 9iASR2 SSL configuration to encrypt password
I have been asked to research SSL configuration for a client. The environment is 9iAS Release 2 (one Linux infrastructure server and one Linux mid-tier server). The client wants to determine and implement the minimal solution for the following requirement: for a custom JSP login page for Portal (same flavor as explained in the SSO Admin Guide), encrypt the password when a user logs in. They would prefer not to have to alter communication channels between 9iAS components unless it is absolutely necessary. I have found an assortment of how-to documents which explain an assortment of configuration options. Unfortunately, I still do not understand which security goals the configurations meet. Can any 9iAS configuration gurus provide some guidance about meeting this requirement?
Here are some of the reference docs I referred to:
http://portalcenter.oracle.com/pls/ops/docs/FOLDER/COMMUNITY/INTERNALPRODDEVFOLDER/TECHREADINESS/ARCHIINFRA/SECURITY/SETUPSSL/HOW%20TO%20SET%20UP%20SSL%20(9.0.2).HTML
MetaLink note 216126.1
MetaLink note 223120.1
One option maybe the following :
- Create a file holding the encrpyted username/password on the application server side (in the working directory of your oracle forms application)
- As a parameter, pass the name of your file to the form
- when the form is getting called, read the name file in (TEXT_IO) and use the logon built-in with the value from the password file
How to create an encrpyted file :
- use the obfuscation toolkit to encrypt username/password@instance into a varchar2
- write this value to a file using oracle forms (TEXT_IO)
FUNCTION f_encrypt_string(p_key IN VARCHAR2)
RETURN VARCHAR2 IS v_encrypt_string VARCHAR2(2000) := 'N/A';
l_data VARCHAR2(2000);
BEGIN
-- if neccessary create a text where the length of the string
-- is diviteable by 8 (which is a requirement of dbms_obfuscation_toolkit)
l_data := RPAD(p_key, (TRUNC(LENGTH(p_key)/8)+1)*8, CHR(0));
DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(input_string => l_data,
key_string => 'MagicKey',
encrypted_string=> v_encrypt_string);
RETURN (v_encrypt_string);
END;
Edited by: user434854 on Apr 8, 2009 5:17 AM
Similar Messages
-
Reading Encrypted Password from Configuration File and Decrypt it at login
Hi All,
My application reads a configuration file to connect to the ORACLE database. The values defined for password are clear text as given below:
user: 'mh'
password='abcd1234'
Is there is any way I can give an encrypted password in the configuration file instead of a clear text file and at the time of login ORACLE decrypts it. I am using ORACLE 11g Database.
My company have a requirement that passwords are not stored in the clear in properties files. the reason being I suppose that if the password is stored in plaintext someone could hit the property file directly, get the password and then connect to the database with it.
For a regular user connecting through an Oracle client or SQL Developer they would need to have the plaintext password in order to connect.
its based on the requirements of
International Standards Organization Guidance
ISO 17799 � 9.5.4 requires password management systems to:
� enforce the use of individual passwords
� allow users to select and change their own passwords if appropriate
� enforce a choice of quality passwords
� force regular changes of passwords
� maintain a record of previous user passwords to prevent re-use
� not display passwords when they are being entered
� store password files separately from application system data
� store passwords in encrypted form using a one way encryption algorithm
� alter default vendor passwords following installation of software
So if I can store the password encrypted using a one way algorithm then hacker/user couldn't decrypt it and then access the database.
I have feeling there is a way of configuring this in Oracle advanced Security, but just can't quite get it to work.
Edited by: user5568473 on 20-May-2013 00:05So if I can store the password encrypted using a one way algorithm then hacker/user couldn't decrypt it and then access the database.... and neither can your application. Encryption is needed in this case. The decryption must be written into your application. I've written my own in some cases, but finding a library for your development language is a smarter solution.
One alternative is using an Oracle wallet. It doesn't fit every circumstance and does have some maintenance headaches.
You can set up a basic secure password store to encrypt and store the password for a given user@instance combination, and then connect to the database without passing a password. SQL*Net adds in the appropriate password from the wallet for when you connect.
http://www.oracle.com/technetwork/database/security/twp-db-security-secure-ext-pwd-stor-133399.pdf
Advanced Security Option also allows you to set up a Public Key Infrastructure connections (SSL encryption and/or authentication). It also uses a wallet to store the SSL certificates and credentials. I don't have personal experience on this approach.
SSL and the wallet allow you to connect to the database similar to CONNECT/@net_service_name or sqlplus /@net_service_namehttp://docs.oracle.com/cd/B28359_01/network.111/b28530/asossl.htm#CIHCBIEG -
Changing SSL configuration on MedRec
Hi,
We are developing a custom Auditing Provider for WLS. Our provider needs to communicate via https to a remote system, and thus we need to configure SSL in order to use the correct client certificate and trust the remote server's.
We are using the sample MedRec application bundled with WLS for testing purposes, but no matter what, we do not seem to be able to change the SSL configuration. We went to Home -> Servers -> MedRecServer(Admin) -> Configuration in the console, and then
* Keystores
* Custom Identity and Custom Trust + configure all the keystores pointing to our jks files
* SSL: point to our alias
But, when restarting the server, we see the following:
<Mar 6, 2007 11:45:21 AM CET> <Notice> <Security> <BEA-090169> <Loading trusted
certificates from the jks keystore file C:\dev\bea\WEBLOG~1\server\lib\DemoTrust
.jks.>Which seems to indicate that somehow MedRecServer is not acknowledging our configuration changes.
Our WL_HOME\samples\domains\medrec\config\config.xml looks like this:
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/extension http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd">
<name>medrec</name>
<domain-version>9.2.0.0</domain-version>
<security-configuration>
<name>medrec</name>
<realm>
<sec:auditor xmlns:ext="http://www.bea.com/ns/weblogic/90/security/extension" xsi:type="ext:secure-auditorType">
<sec:name>Foo</sec:name>
<ext:identifier>Test</ext:identifier>
<ext:bea-audit-log-service-uri>hessian:https://it-sdm-nb:8443/ksuite/remoting/BEAAuditLogService-hessian</ext:bea-audit-log-service-uri>
</sec:auditor>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{3DES}I/3L8IhJVe+jq1vzXAXHODsFazm8NGROsfPVAaunGasgxJ6u41gpHbMAqA4pZSr2u1CWgoxiHR6z895y9Or+CDwkCmqAxJBq</credential-encrypted>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>{3DES}HMxdWFl3juTr6BufJFg6WQ==</node-manager-password-encrypted>
</security-configuration>
<server>
<name>MedRecServer</name>
<ssl>
<name>MedRecServer</name>
<enabled>true</enabled>
<listen-port>7012</listen-port>
<server-private-key-alias>auditor</server-private-key-alias>
<server-private-key-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</server-private-key-pass-phrase-encrypted>
</ssl>
<listen-port>7011</listen-port>
<listen-address></listen-address>
<key-stores>CustomIdentityAndCustomTrust</key-stores>
<custom-identity-key-store-file-name>C:\dev\bea\weblogic92\server\lib\tomcat.keystore</custom-identity-key-store-file-name>
<custom-identity-key-store-type>jks</custom-identity-key-store-type>
<custom-identity-key-store-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</custom-identity-key-store-pass-phrase-encrypted>
<custom-trust-key-store-file-name>C:\dev\bea\weblogic92\server\lib\tomcat.keystore</custom-trust-key-store-file-name>
<custom-trust-key-store-type>jks</custom-trust-key-store-type>
<custom-trust-key-store-pass-phrase-encrypted>{3DES}tPlZGhoSkfnu0h93w1MeKw==</custom-trust-key-store-pass-phrase-encrypted>
</server>
<embedded-ldap>
<name>medrec</name>
<credential-encrypted>{3DES}W+XDJAixeMZcbdmRm/jIF8u8ZMzBMLyGQpcjb1lWzlM=</credential-encrypted>
</embedded-ldap>
<configuration-version>9.2.0.0</configuration-version>
<admin-server-name>MedRecServer</admin-server-name>
</domain>You can see our Auditor provider configuration and the custom identity and trust sections, which look right.
I'm wondering if somehow the demo application is special in any way, or if we are missing some step to change the identity and trust configuration. Any ideas? Any further investigation clues?
Kind regards,
AlexOK, we have been reading this:
http://e-docs.bea.com/wls/docs81/security/SSL_client.html
, so I think I need to make a few clarifications.
Our Auditing Provider communicates remotely with another system using remoting libraries (in this case, the Hessian library), which open SSL connections in the "usual JDK manner". In fact, when handshaking, we see a failure that has a stack trace like the following:
<Mar 6, 2007 3:59:36 PM CET> <Debug> <SecuritySSL> <000000> <Exception during ha
ndshake, stack trace follows
java.net.SocketException: socket write error: Connection aborted by peer
at jrockit.net.SocketNativeIO.socketWrite(Ljava.io.FileDescriptor;[BII)V
(Unknown Source)
at java.net.SocketOutputStream.socketWrite0(Ljava.io.FileDescriptor;[BII
)V(SocketOutputStream.java:???)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
at com.certicom.io.OutputSSLIOStream.write([BII)I(Unknown Source)
at com.certicom.tls.record.WriteHandler.flushOutput()I(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.flush()V(Unknown S
ource)
at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.hand
le(Lcom.certicom.tls.record.handshake.HandshakeMessage;)V(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sage(Lcom.certicom.tls.record.handshake.HandshakeMessage;)V(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMes
sages([BILcom.certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent([BIILcom.
certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(II[BIILcom.
certicom.tls.interfaceimpl.ProtocolVersion;)V(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord()I(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord()I(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete()V(Unk
nown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake()V
(Unknown Source)
at com.certicom.tls.record.WriteHandler.write([BII)I(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write([BII)V(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.j
ava:142)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.
java:344)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLC
onnection.java:32)
at weblogic.net.http.HttpURLConnection.getResponseCode(HttpURLConnection
.java:935)
at com.caucho.hessian.client.HessianProxy.invoke(Ljava.lang.Object;Ljava
.lang.reflect.Method;[Ljava.lang.Object;)Ljava.lang.Object;(HessianProxy.java:??
at $Proxy0.startup(JLjava.lang.String;Ljava.lang.String;)V(Unknown Sourc
e)
at com.kroopier.bea.sap.utils.BeaAuditLogServiceSSLWrapper.startup(BeaAu
ditLogServiceSSLWrapper.java:43)
[/pre]
I guess that the Hessian library opens up a connection, actually using these certicom classes and not the usual https ssl client classes and then I should configure client certificates accordingly in the Certicom thing, but I'm unsure how to do that.
Any ideas?
Alex -
Encrypted Password in AIAConfigurationProperties.xml
Hi,
During the installation of Primavera P6 to EBS Projects PIP, the Password is getting encrypted in the Service Configuration in AIAConfigurationProperties.xml. Is there any script that we can run so that we can avoid the encryption of the password there by having the flexibility to change the un-encrypted Password as and when required?
<Property name="User.P6EPPM_01.Name">primavera</Property>
<Property name="User.P6EPPM_01.pwd">Se8bfsuMJNvYmKB4mg9L3w==</Property>
Your pointers will be highly appreciated!
Regards,
ChaitanyaTry this:
There's a script that can be used to re-encrypt a new password. If the cleartext password is, say, welcome1, do the following -
- Go to AIA_HOME/Infrastructure/install/install/wlscripts/config
- Run command: ./encrypt.sh welcome1
This is useful for re-encrypting any of the passwords that are captured during installation in the deploy.properties file. I can't say for sure that it is the same encryption that is used for the P6 credentials, but it's worth a try. -
Doubts regarding db connection with encrypted password usage in sandbox
Hi All,
We have setup the db connection using configuration file. The configuration file contains db connection information including the encrypted password.
Below are my doubts:
1. If we are going to import the ETL project in zip file directly into the sandbox can we run the graphs directly or we need to check how the password which is encrypted in configuration file will be decoded.
2. Can we directly modify the configuration file for db connection like db connection,user name and password. Suppose I want the graphs to run in some other database which is not specified in configuartion fiel .Can I directly update that?
3.Is it possible to change the encrypted password in the configuration file in the sandbox. Is it that we need to create the project in Integrator Designer, change the password using the Integrator Designer, and then copy the encrypted password into the configuration file in sandbox, or the Endeca provides a functionality to allow user to directly change the password in the sandbox on the Integrator server.
Can someone please let me know their comments on above.
Thanks in Advance.
Regards,
Amritcan someone please help me on this issue
-
MS configure program: encryption format for UGDIR_BINDPW and CFGDIR_BINDPW
Hi Sun Folks,
I am creating a silent installation script for JES 3 messaging and I have come to a bit of roadblock. I would like to create a state file to use with the Messenger Server configure program "/opt/SUNWmsgsr/sbin/configure" and pass to it pre-set values for the following config file parameters:
CFGDIR_BINDPW
UGDIR_BINDPW
However, I noticed that when I ran this command and saved the state file that the passwords entered on the command line were encrypted. I tried to use the unencrypted values in a state file to pass to this configure program, however, the directory server gave me a bind error. I did try to use a SSHA encrypted password in this field to no avail.
If I can find out what the encryption format used, then I can populate this field accordingly.
Thanks!Problem is Jay is that this is a project for Sun Client Ready Services, so we don't have a support contract to work off of for this request. I have sent this request to the project contacts at Sun in the hopes that they can obtain this information for us.
I can definitely take this information off line too if you are able to obtain it for us... I am sure its information that you wouldn't want exposed in this news group. -
How to encrypt password in serverstopper class??
Hi,
I have configured the weblogic server as windows service and currently using boot identity file for username/pw to startup. To enable graceful shutdown of the server, i am using serverstopper class. But to facilitate changing of pw, i am reading the password from a property file in which the password is stored in plain text format. Is there a way to encrypt the password and configure serverstopper class to use the encrypted password or the serverstopper class can use boot identity file to shutdown? When i tried the serverstopper class without username/pw, i am not able to shutdown the service and getting anonymous user can't shutdown the service. Thanks in advance for your reply.
Thanks,
Kuppusamy.V.,Hi Kuppuswamy,
Here is the simple "WLST interpreter script", I didn't have time so tried to keep java code as simple as possible(didn't follow good coding practices :-( ). Before executing this java program you need to generate keys. Below is the procedure for that.
Assumption :-
BEA_HOME :- /usr/VASVijay/bea10mp1
WL_HOME :- BEA_HOME/wlserver_10.0
1) Go to WL_HOME/server/bin and set the environment by executing "setWLSEnv.sh".
2) Then execute below command which generate "userconfig" and "userkey" files in the directory you had execute this command
java weblogic.Admin -adminurl t3://adminserverl:port -username <adminusername> -password <adminpassword> -userconfigfile userconfig -userkeyfile userkey -STOREUSERCONFIG
This command prompts for "Y" or "N", select "Y", then creates two files "userconfig" and "userkey"
3) Validate above keys are correct, execute below command
java weblogic.Admin -adminurl t3://adminserverl:port -userconfigfile userconfig -userkeyfile userkey -GETSTATE
Above command should display "RUNNING".
4) Compile below java code and execute. Change the server name(VASMS1) in "shutdown('VASMS1','Server') according to your server name.
import java.util.*;
import weblogic.management.scripting.utils.WLSTInterpreter;
import org.python.util.InteractiveInterpreter;
public class VASServerShutdown
static InteractiveInterpreter interpreter = null;
VASServerShutdown()
interpreter = new WLSTInterpreter();
private static void connect()
StringBuffer buffer = new StringBuffer();
buffer.append("connect(userConfigFile='/usr/VASVijay/VASDomains/VASNewDomain/userconfig',userKeyFile='/usr/VASVijay/VASDomains/VAS
NewDomain/userkey',url='t3://localhost:8001') \n");
buffer.append("print(cmo)");
interpreter.exec(buffer.toString());
public static void serverShutdown()
StringBuffer buffer = new StringBuffer();
buffer.append("shutdown('VASMS1','Server')");
interpreter.exec(buffer.toString());
public static void main(String args[])
new VASServerShutdown();
connect();
serverShutdown();
Let me know if you have any issues or you require something additional.
Thanks.
Vijay Bheemineni.
Edited by: VAS Vijay Bheemineni on Nov 3, 2009 9:18 PM -
I need a help to Configure the Encryption Key of btm
I have download OracleBTM_1of2.zip and I am trying to install it, so I am following this link
http://download.oracle.com/docs/cd/E11857_01/install.111/e20124/install.htm#sthref20
how can I do this ?
Configuring the Encryption Key
You must configure the encryption key on each application server that hosts a Business Transaction Management component. To configure the encryption key, create a Java system property named com.amberpoint.security.encryption.aes.defaultKey in the server and set its value to your encryption key, for example:
-Dcom.amberpoint.security.encryption.aes.defaultKey=MyEncryptionKey
where MyEncryptionKey is a base 64-encoded, AES, 128-bit key.
After generating your encryption key, you can copy and paste it in order to set the value of your com.amberpoint.security.encryption.aes.defaultKey property. If your key includes special characters, you should enclose it in double quotes, for example:
-Dcom.amberpoint.security.encryption.aes.defaultKey="oylJKoTGXTHasOYwtjwA7g=="
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------You use the command line tool btmcli under the 'tools' directory:
./btmcli.sh encryptpassword -password mypassword
ARECQVBBRVMCX2FwXzEyOAPKsNtwbzzI8j5g7u8UBV7qvp8QOnCA8Tj/ZJiSjqJa/w== -
I need help to Configure the Encryption Key of btm
In order to monitor the osb 11g.
I have download OracleBTM_1of2.zip and I am trying to install it, so I am following this link
http://download.oracle.com/docs/cd/E11857_01/install.111/e20124/install.htm#sthref20
how can I do this ?
Configuring the Encryption Key
You must configure the encryption key on each application server that hosts a Business Transaction Management component. To configure the encryption key, create a Java system property named com.amberpoint.security.encryption.aes.defaultKey in the server and set its value to your encryption key, for example:
-Dcom.amberpoint.security.encryption.aes.defaultKey=MyEncryptionKey
where MyEncryptionKey is a base 64-encoded, AES, 128-bit key.
After generating your encryption key, you can copy and paste it in order to set the value of your com.amberpoint.security.encryption.aes.defaultKey property. If your key includes special characters, you should enclose it in double quotes, for example:
-Dcom.amberpoint.security.encryption.aes.defaultKey="oylJKoTGXTHasOYwtjwA7g=="You use the command line tool btmcli under the 'tools' directory:
./btmcli.sh encryptpassword -password mypassword
ARECQVBBRVMCX2FwXzEyOAPKsNtwbzzI8j5g7u8UBV7qvp8QOnCA8Tj/ZJiSjqJa/w== -
Oracle user'd encrypted password (Oracle 10g)
Hi Guys,
Which table can I check for oracle user's encrypted password. I need to use the same password on the application's configuration file for connection to the database.
Thank you.SQL> desc user$
Name Null? Type
USER# NOT NULL NUMBER
NAME NOT NULL VARCHAR2(30)
TYPE# NOT NULL NUMBER
PASSWORD VARCHAR2(30)
DATATS# NOT NULL NUMBER
TEMPTS# NOT NULL NUMBER
CTIME NOT NULL DATE
PTIME DATE
EXPTIME DATE
LTIME DATE
RESOURCE$ NOT NULL NUMBER
AUDIT$ VARCHAR2(38)
DEFROLE NOT NULL NUMBER
DEFGRP# NUMBER
DEFGRP_SEQ# NUMBER
ASTATUS NOT NULL NUMBER
LCOUNT NOT NULL NUMBER
DEFSCHCLASS VARCHAR2(30)
EXT_USERNAME VARCHAR2(4000)
SPARE1 NUMBER
SPARE2 NUMBER
SPARE3 NUMBER
SPARE4 VARCHAR2(1000)
SPARE5 VARCHAR2(1000)
SPARE6 DATE -
ZCM 11.2 Second Primary - SSL Configuration
Primary Server 11.2.4MU1 on OES 11SP2 - Running ZCM11.2.4MU1 / DSFW / DNS
I am attempting to bring up a Second Primary Server. Maybe I am miss reading the documentation, however Each time I attempt the setup and bring the second primary into the "Existing" zone I give it the DNS / IP of the server, the correct Port - 444 In this case, and user / password. It authenticates fine, asks me to import the CA / MGMT Zone Cert. I click yes. Then I am taken to the SSL Configuration page.
From my reading I believe I should not be taken to this page.... I believe this should only be done if its a new server as the secondary should import and use the primary?
Currently my Plan was to bring up a secondary Primary and look at doing a DB / Content Migration, as I can not upgrade the current 11.2.4MU1 to 11.3 as install on OES is not supported (any longer).
I could be a bit discombobulated....
Thanks
PatrickNever mind.....I forgot about the CSR / Cert generation part of the Zenworks setup...
-
HT5624 Hello, how do I reset my encrypted password
I can't recall my encrypted password for my back up. How do I remove the password?
You will have to guess until you get it correct, or you can just make a new backup and start fresh, unless you are on a Mac. See the instructions below.
Source: http://support.apple.com/kb/TS5162
iOS: Troubleshooting encrypted backups
Symptoms
When you restore from a backup in iTunes, you may be asked for a password to unlock the backup. Learn what to do if you can't remember or do not know your backup password.
Resolution
One of these situations may apply:
Backup encryption was enabled, but you do not know the password
An administrator installed a profile on your device that requires backup encryption
When backup encryption is first enabled, iTunes asks to enter a password and then creates a new encrypted backup for the device. iTunes will continue making encrypted backups until you deselect the Encrypt backup checkbox in the iTunes Device Summary screen. You need the backup password to disable backup encryption or to restore from an encrypted backup. The setting to encrypt backups is stored on the device.
You can keep trying to restore the device from backup until you remember the password. If you're having trouble, try:
Leaving the password field blank
Your Apple ID password
Your computer account password, if you have one
Email passwords you may have used
Your Wi-Fi network password
Website passwords you may have used
A password for hard-disk encryption software, if you use it
If you have ever had a VPN connection or an Exchange email account set up on your iOS device, try using the password associated with those accounts. If you have changed your password for that account in the past, try using an old password. If that doesn’t work, contact the administrator for the account and see if they have a default password enabled on the account.
Profiles are common when the device is part of an enterprise deployment and may be required for Exchange, VPN, or internal security. Administrators make iOS Profiles using the iPhone Configuration Utility or Apple Configurator. Profiles may enforce backup encryption. The first time your device syncs after such a profile is installed, you must enter a backup password. In some cases, an administrator may have synced the device for you and entered the backup password then. If so, ask the administrator who issued the device to you for the backup password.
Mac only: Password saved in Keychain
If you are using OS X, the password might be saved in Keychain Access. Follow these steps to see if this is the case:
Open iTunes Preferences and select the Devices tab. Note the time of the device’s backup.
Right-click the desired backup and choose "Show in Finder".
Finder should now be open, showing the backup selected. Click the Edit menu and choose Copy.
Open Keychain Access from /Applications/Utilities/.
Paste the backup folder's name into the search box in the top-right corner of Keychain Access.
If there is a password for the backup, you should see it in Keychain Access.
Double-click the backup in Keychain Access.
Click the button “Show password”.
You may be asked to enter your login keychain password. After doing so, click Allow. You should see your backup password.
Use this password to restore from your backup. -
How to encrypt password in Forms10g while calling in batch mode
We are migrating our Forms 6i batch jobs to Forms10g. There are two ways we can pass login
information.
1. In formsweb.cfg
2. Pass in URL string 'userid=username/password@connectstring'
In both cases the password is not secured. In option # 1 password is in the configuration file in plain text. In
second option # 2, its in the URL.
BTW, we are using HTTPS protocol while calling form in batch mode and we are not using SSO.
Is there a way, we can use data source in frmservlet while calling form in batch mode. Like in Java, we can create data source with indirect password, the password is encrypted.
Basically, we would like to encrypt our password, we have very strict security guidelines.
Please let us know if there are any options, how to encrypt password in Forms 10g
Regards,
GufranOne option maybe the following :
- Create a file holding the encrpyted username/password on the application server side (in the working directory of your oracle forms application)
- As a parameter, pass the name of your file to the form
- when the form is getting called, read the name file in (TEXT_IO) and use the logon built-in with the value from the password file
How to create an encrpyted file :
- use the obfuscation toolkit to encrypt username/password@instance into a varchar2
- write this value to a file using oracle forms (TEXT_IO)
FUNCTION f_encrypt_string(p_key IN VARCHAR2)
RETURN VARCHAR2 IS v_encrypt_string VARCHAR2(2000) := 'N/A';
l_data VARCHAR2(2000);
BEGIN
-- if neccessary create a text where the length of the string
-- is diviteable by 8 (which is a requirement of dbms_obfuscation_toolkit)
l_data := RPAD(p_key, (TRUNC(LENGTH(p_key)/8)+1)*8, CHR(0));
DBMS_OBFUSCATION_TOOLKIT.DESEncrypt(input_string => l_data,
key_string => 'MagicKey',
encrypted_string=> v_encrypt_string);
RETURN (v_encrypt_string);
END;
Edited by: user434854 on Apr 8, 2009 5:17 AM -
Dear All,
i want to insert encrypted Password of 'password' string into table user_dtl column PASSWORD .
How can i insert Encripted password into table.
ThanksHi Vedant,
See the CUSTOM_HASH function that is installed with sample application in the APEX.
Here is the code for it:
create or replace function custom_hash (p_username in varchar2, p_password in varchar2)
return varchar2
is
l_password varchar2(4000);
l_salt varchar2(4000) := 'XFSPL28ZTWEWWM6FHWMK68AG5NQVLU';
begin
-- This function should be wrapped, as the hash algorithm is exposed here.
-- You can change the value of l_salt or the method of which to call the
-- DBMS_OBFUSCATOIN toolkit, but you much reset all of your passwords
-- if you choose to do this.
l_password := utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5
(input_string => p_password || substr(l_salt,10,13) || p_username ||
substr(l_salt, 4,10)));
return l_password;
end;
i want to insert encrypted Password of 'password' string into table user_dtl column PASSWORD.The above function will give the encrypted password which can be inserted into USER_DTL as follows:
INSERT INTO USER_DTL(USERNAME,PASSWORD) VALUES(:P1_USERNAME, CUSTOM_HASH(:P1_USERNAME,:P1_PASSWORD))Be sure that PASSWORD column in USER_DTL is of type VARCHAR2 and of adequate length as to accommodate the encrypted password.
Hope it helps!
Regards,
Kiran -
RBACx Encrypted Password Change Utility
Hi all,
In the OIA/SRM installation guide, there is a reference to a tool, to find out the password of rbacxservice.
"Oracle Identity Analytics utilizes an encrypted password when communicating with the database.
To change the default database password, use the RBACx Encrypted Password Change Utility"
Could you please help me finding out this tool.
Many thanks in advance.
Warm regards,
Manipradeep Sunku.The mentioned tool only encrypts the password so that you don't have to store a plain text password in the config file. It does not decrypt it. The default rbacxservice password is rbacxservice.
The tool does not come with the OIA/SRM distribution so if you need it, you will need to contact support.
Maybe you are looking for
-
Help needed in URM German translation override with XLF file translation
I have a problem in URM 11.1.1.3 German translation override through a custom component. I have a OOTB German context localization ww_strings.xlf file present in <oracle middleware home>/ucm/idc/components/Localization/lang/de in URM with a translati
-
BO 4.0 CRJob server not picking correct numbr of CPU
Hello All, I have installed BO 4.0 SP02 patch 11. I have seperated the CR Scheduling service as a seperate job server form AJS. My CR jobs are running fine however, I have 8 CPU on that machine but in matrics page of Job server, it is showing only 4
-
Our company is looking to host online workshops (virtual services). There appears to be two useful Adobe products for this; Connectnow which I see is as a cloud based service and hosted by adobe OR Adobe Connect which you install on your own hardware
-
New External Hard Drive, Afraid to Sync my Ipod
Hi, I moved my music files to an external hard drive, now that I have a problem is when I start researching how it should have been done... And it looks like I did it wrong. I moved all of my files, and itunes library to the EHD with no problem, but
-
Operating Environment: IIS6+ASP.Net 2.0+Flash Framework / Procedure: When running, Flash will run ASP.NET program. ASP.NET then extracts data from the database and generates a XML file for Flash. Flash reads the XML file and parse it into a readable