Profile picture for user dinow

Dears,

Does any of you managed to encrypt the password used in a batch file when creating a tenant backup ?

The command line is this one:

E:\SoftwareAG\ARIS9.7\server\acc\acc.bat -c "E:\SoftwareAG\ARIS9.7\server\generated.apptypes.cfg" -h localhost -p 9001 -u Clous -pwd g3h31m -f "E:\SoftwareAG\ARIS9.7\accBackupCmd.txt"

But the g3h31m password is in clear text !

When calling the arisadmintool however we can specify the encrypted password:

E:\SoftwareAG\ARIS9.7\tools\ArisAdm\arisadm90.exe -l $current_dir\dbbackup.log -s localhost:80 -t default -u system "{crypted}072744af76f96c90c302b0a24f8976fe" backup all "$current_dir\"

Any ideas ? ...

Thanks

by Jürgen Göres
Posted on Fri, 07/10/2015 - 15:40

Hi Didier,

you are not the first with this request.

There is a little problem here: if one could pass an encrypted password to the ACC as you suggest, then the ACC would need to decrypt it, right? And to decrypt it, it would need the key that was used to crypt it. And from where does ACC take that key? Either the key is hidden somewhere inside the ACC (where a determined attacker could find it if he disassembled the ACC code, so this would not be "real" security,  but "security by obscurity") OR the user would have to specify the key to decrypt it, which would defeat the whole purpose. ;-)

We decided NOT to add "security by obscurity" to the ACC.

So there is no real solution for that problem. But there is a little ACC feature that might or might not help you:

If you do not want to put the password into a batch file etc., you can just leave it out. The ACC will then prompt for the password:

Of course this will only work if your script is run by some user that can type the password, it will not work when you want to run it through a scheduler etc.

What you can do is protect you script using OS features (file permissions) so that only admin users can see it (of course the OS user used to run the script needs to at least have read permissions, too).

Regards

Jürgen

0

Featured achievement

Rookie
Say hello to the ARIS Community! Personalize your community experience by following forums or tags, liking a post or uploading a profile picture.
Recent Unlocks

Leaderboard

|
icon-arrow-down icon-arrow-cerulean-left icon-arrow-cerulean-right icon-arrow-down icon-arrow-left icon-arrow-right icon-arrow icon-back icon-close icon-comments icon-correct-answer icon-tick icon-download icon-facebook icon-flag icon-google-plus icon-hamburger icon-in icon-info icon-instagram icon-login-true icon-login icon-mail-notification icon-mail icon-mortarboard icon-newsletter icon-notification icon-pinterest icon-plus icon-rss icon-search icon-share icon-shield icon-snapchat icon-star icon-tutorials icon-twitter icon-universities icon-videos icon-views icon-whatsapp icon-xing icon-youtube icon-jobs icon-heart icon-heart2 aris-express bpm-glossary help-intro help-design Process_Mining_Icon help-publishing help-administration help-dashboarding help-archive help-risk icon-knowledge icon-question icon-events icon-message icon-more icon-pencil forum-icon icon-lock