password encryption in database.xml

Currently we are using DAS feature of Datadeploy in our project. The database connection info like userid, password, SID of the the database server are hardcoded in database.xml file. This results in being the production database userid/password & SID exposed to all the telnet users..

Is there a way to encrypt the password in database.xml so that nobody can view them?

thanks

KingFisher
Asscociate Consultant,
Polaris Software Lab, Chennai.
http://www.polaris.co.in/

Find more posts tagged with

Comments

Migrateduser

The iwsyncdb command has an encodepassword option.

Todd Scallan
Director of Product Management
Interwoven
t: 408-530-7167
e: tscallan@interwoven.com

aputnam

Which encryption algorithm is used for this feature?

Migrateduser

The -encodepassword option encodes the password, it doesn't encrypt it. So there is no key involved. The encoding method is internal to the product.

If you want to protect the database.xml file from being read by others, you can make the file readable by only the product. In 6.0.x, that would be the owner of the base server process. In 5.6, that would be the owner of the DAS daemon process or userid authorized to invoke standalone DataDeploy deployments.

Todd Scallan
Director of Product Management
Interwoven
t: 408-530-7167
e: tscallan@interwoven.com