Decrypt Inline Passwords?

lpotts

Is there any way to decrypt inline passwords within code? When I query I just get the asterics returned.

Find more posts tagged with

Comments

DCTM_Guru

This may be a security feature. Why are you trying to extract password?

lpotts

I need to get the password of the superuser without hard coding it. The superuser is not the installer so I cannot create a server method.

CláudioGil

Yes, I believe that it's a security feature. I remember having seen the DQL being translated to

select all '****************' from dm_user

Regarding passwords, I normally use the com.documentum.fc.tools.RegistryPasswordUtils tool available in dfc.jar. Nevertheless you still need to have access to the encrypted password, for instance, in an aliasset.

Just a final note (after seeing you had just commented), in a server method you can do what you want. The installation owner is always a superuser and with that you can create a session for any other user. It's a lot of work but you definitly can do it. Unless the superuser comes from an LDAP and the password changes periodically, hardcoding it is always easier.

lpotts

That's the problem, the superuser comes from LDAP and the password will have to change every so often.

I am using com.documentum.fc.tools.RegistryPasswordUtils.decrypt but without the encrypted password(i.e. only the '**********' getting returned) all that is getting returned is null

CláudioGil

Superusers with passwords that expire are always a big problem. The only way I know of not needing a password uses the method server, like you said, and a login ticket for the desired user.

DCTM_Guru

Why do you have to run your code as superuser vs install owner?

Francois Dauberlieu

If you're using an inline password, then the password is not using the LDAP, or am I missing something ?