Secure passwords in files
Password encoding and encryption deter the casual observation of passwords in server configuration and property files.
The following topics can be used to add protection for passwords located in files:
- (iseries) Password encoding and encryption: Passwords are automatically encoded with a simple masking algorithm in various WebSphere Application Server ASCII configuration files. Additionally, we can manually encode passwords in properties files used by Java clients and by administrative commands for WebSphere Application Server. For more information on password encoding and encryption, see Password encoding and encryption.
- Encoding passwords in files: WebSphere Application Server contains some encoded passwords that are not encrypted. The PropFilePasswordEncoder utility is included to encode these passwords. For more information on encoding passwords in a file, see Encoding passwords in files.
- Enable custom password encryption: You need to protect passwords contained in the WAS configuration. We can add protection by creating a custom class for encrypting the passwords. For more information on custom password encryption, see Enable custom password encryption.
Subtopics
- (iseries) Password encoding and encryption
Password encoding deters the casual observation of passwords in server configuration and property files.
- Encoding passwords in files
The purpose of password encoding is to deter casual observation of passwords in server configuration and property files. Use the PropFilePasswordEncoder utility to encode passwords stored in properties files. WAS does not provide a utility for decoding the passwords. Encoding is not sufficient to fully protect passwords. Native security is the primary mechanism for protecting passwords used in WebSphere Application Server configuration and property files.
- Enable custom password encryption
You need to protect passwords contained in the WAS configuration. After creating the server profile, we can add protection by creating a custom class for encrypting the passwords.
Related tasks
Tuning, hardening, and maintaining security configurations