Watch4net APG 5: Switching to an encrypted password database
search cancel

Watch4net APG 5: Switching to an encrypted password database


Article ID: 304661


Updated On:





Watch4net APG 5: Switching to an encrypted password database
How to switch to encrypted password database in Watch4Net APG 5


VMware Smart Assurance - Watch4Net/M&R


For an improved security, it is possible to switch to an encrypted database password.

In APG revisions later than 1957, it is possible to encrypt user password in database. To enable this feature, please follow these steps:

  1. Edit APG.xml and add digest="SHA1" in the Realm block. The resulting APG.xml should look like the following example:

         <Resource name="jdbc/APG-DB" auth="Container"
            type="javax.sql.DataSource" maxActive="100" maxIdle="30"
            maxWait="10000" username="apg" password="watch4net" 
           driverClassName="com.mysql.jdbc.Driver" removeAbandoned="true"
            removeAbandonedTimeout="60" logAbandoned="true"
            url="jdbc:mysql://localhost:53306/apg?autoReconnect=true" />
      <Realm className="org.apache.catalina.realm.DataSourceRealm"
            dataSourceName="jdbc/APG-DB" localDataSource="true"
            userTable="user" userNameCol="username" userCredCol="password"
            userRoleTable="user" roleNameCol="rolename" digest="SHA1" />

  2. Set the system property digest.algorithm to the selected algorithm (e.g. SHA1).
    • On Windows, go to the Tomcat installation directory and run apgtomcatw.exe. You can add -Ddigest.algorithm="SHA1" in the command line argument field of the Java tab.
    • On Unix, edit the apg-tomcat service file and add -Ddigest.algorithm="SHA1" to the JAVA_OPTS environnement variable.

  3. Encrypt the passwords in database in an irreversible way with the following query:

    UPDATE user SET password=SHA1(password);