Password encoding and encryption deter the casual observation
of passwords in server configuration and property files.
About this task
The following topics can be used to add protection for passwords
located in files:
Procedure
Password encoding and encryption
Passwords are automatically encoded with a simple masking algorithm
in various WebSphere® Application Server ASCII configuration
files. Additionally, you can manually encode passwords in properties
files that are used by Java clients
and by administrative commands for WebSphere Application
Server. For more information on password encoding and encryption,
see Password encoding and encryption.
Encoding passwords in files
WebSphere Application
Server contains some encoded passwords that are not encrypted. The PropFilePasswordEncoder utility
is included to encode these passwords. For more information on encoding
passwords in a file, see Encoding passwords in files.
Enabling custom password encryption
You need
to protect passwords that are contained in your WebSphere Application
Server configuration. You can add protection by creating a custom
class for encrypting the passwords. For more information on custom
password encryption, see Enabling custom password encryption.
Subtopics:
Password encoding and encryption
Password encoding deters the casual observation of passwords
in server configuration and property files.
Encoding passwords in files
The purpose of password encoding is to deter casual observation
of passwords in server configuration and property files. Use the PropFilePasswordEncoder utility
to encode passwords stored in properties files. WebSphere Application Server does not provide
a utility for decoding the passwords. Encoding is not sufficient to
fully protect passwords. Native security is the primary mechanism
for protecting passwords used in WebSphere Application
Server configuration and property files.
Enabling custom password encryption
You need to protect passwords that are contained in your WebSphere Application Server configuration.
After creating your server profile, you can add protection by creating
a custom class for encrypting the passwords.