Watch4net APG 5: Switching to an encrypted password database

Article ID: 304661

Products

VMware

Issue/Introduction

Symptoms:


How to switch to an encrypted password database in Watch4Net APG 5


Environment

VMware Smart Assurance - Watch4Net/M&R

Resolution

For improved security, it is possible to switch to an encrypted password database.

In APG revisions later than 1957, user passwords can be encrypted in the database. To enable this feature, follow these steps:

  1. Edit APG.xml and add digest="SHA1" in the Realm block. The resulting APG.xml should look like the following example:

    <Context>
        <Resource name="jdbc/APG-DB" auth="Container"
            type="javax.sql.DataSource" maxActive="100" maxIdle="30"
            maxWait="10000" username="apg" password="watch4net"
            driverClassName="com.mysql.jdbc.Driver" removeAbandoned="true"
            removeAbandonedTimeout="60" logAbandoned="true"
            url="jdbc:mysql://localhost:53306/apg?autoReconnect=true" />
        <!-- digest: algorithm the realm applies to the password supplied at
             login before comparing it with the value in userCredCol -->
        <Realm className="org.apache.catalina.realm.DataSourceRealm"
            dataSourceName="jdbc/APG-DB" localDataSource="true"
            userTable="user" userNameCol="username" userCredCol="password"
            userRoleTable="user" roleNameCol="rolename" digest="SHA1" />
    </Context>


     
  2. Set the system property digest.algorithm to the selected algorithm (e.g. SHA1).
     
    • On Windows, go to the Tomcat installation directory and run apgtomcatw.exe. Add -Ddigest.algorithm="SHA1" in the command line argument field of the Java tab.
    • On Unix, edit the apg-tomcat service file and add -Ddigest.algorithm="SHA1" to the JAVA_OPTS environment variable.

       
  3. Encrypt the passwords in the database irreversibly with the following query:

    UPDATE user SET password=SHA1(password);
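
A guarded version of step 3, as an added example that is not part of the original article: because SHA1() is one-way, running the plain UPDATE a second time would hash the stored hashes and no login would match any more, so the WHERE clause below skips rows that already look like a digest. It assumes MySQL (the driver configured in APG.xml), the schema name apg taken from the JDBC URL, and that no existing plaintext password is itself a 40-character hexadecimal string.

```sql
-- Added example (not from the original article). Assumes MySQL and the
-- schema name "apg" from the JDBC URL in APG.xml.

-- 1. SHA1() returns 40 hexadecimal characters. Confirm the column can hold
--    them; a shorter column truncates the digest or makes the UPDATE fail,
--    and a truncated digest never matches at login.
SELECT CHARACTER_MAXIMUM_LENGTH
  FROM information_schema.COLUMNS
 WHERE TABLE_SCHEMA = 'apg'
   AND TABLE_NAME   = 'user'
   AND COLUMN_NAME  = 'password';

-- 2. Count the rows that still hold a non-digest value.
SELECT COUNT(*) AS rows_to_hash
  FROM `user`
 WHERE password NOT REGEXP '^[0-9a-f]{40}$';

-- 3. Hash only those rows. Rows that already contain a 40-character hex
--    value are left alone, so the statement can be re-run safely.
--    Rows with a NULL password are not touched.
UPDATE `user`
   SET password = SHA1(password)
 WHERE password NOT REGEXP '^[0-9a-f]{40}$';

-- 4. Re-check: any row counted here was not converted.
SELECT COUNT(*) AS rows_not_hashed
  FROM `user`
 WHERE password NOT REGEXP '^[0-9a-f]{40}$';
```

Take a database backup before running statement 3, since the original passwords cannot be recovered from the table afterwards.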