Release : 6.x

Component : Security

For integrations to external data sources (that is, through the Integration Wizard and import utilities), ICA stores service account passwords in the database and encrypts these passwords using a 256-bit SHA1 algorithm with unique salts (.NET AES Cryptography Model), which are decrypted at the time ICA or its importers connect to the API in question. Per Microsoft, the .NET AES class "performs symmetric encryption and decryption using the Cryptographic Application Programming Interfaces (CAPI) implementation of the Advanced Encryption Standard."

For connections between Microsoft Internet Information Services (IIS), Microsoft SQL Server, and Microsoft SQL Server Analysis Services, these passwords are stored per the methods used by Microsoft for these applications.