Dears,
Does any of you managed to encrypt the password used in a batch file when creating a tenant backup ?
The command line is this one:
E:\SoftwareAG\ARIS9.7\server\acc\acc.bat -c "E:\SoftwareAG\ARIS9.7\server\generated.apptypes.cfg" -h localhost -p 9001 -u Clous -pwd g3h31m -f "E:\SoftwareAG\ARIS9.7\accBackupCmd.txt"
But the g3h31m password is in clear text !
When calling the arisadmintool however we can specify the encrypted password:
E:\SoftwareAG\ARIS9.7\tools\ArisAdm\arisadm90.exe -l $current_dir\dbbackup.log -s localhost:80 -t default -u system "{crypted}072744af76f96c90c302b0a24f8976fe" backup all "$current_dir\"
Any ideas ? ...
Thanks
Hi Didier,
you are not the first with this request.
There is a little problem here: if one could pass an encrypted password to the ACC as you suggest, then the ACC would need to decrypt it, right? And to decrypt it, it would need the key that was used to crypt it. And from where does ACC take that key? Either the key is hidden somewhere inside the ACC (where a determined attacker could find it if he disassembled the ACC code, so this would not be "real" security, but "security by obscurity") OR the user would have to specify the key to decrypt it, which would defeat the whole purpose. ;-)
We decided NOT to add "security by obscurity" to the ACC.
So there is no real solution for that problem. But there is a little ACC feature that might or might not help you:
If you do not want to put the password into a batch file etc., you can just leave it out. The ACC will then prompt for the password:
Of course this will only work if your script is run by some user that can type the password, it will not work when you want to run it through a scheduler etc.
What you can do is protect you script using OS features (file permissions) so that only admin users can see it (of course the OS user used to run the script needs to at least have read permissions, too).
Regards
Jürgen