You can encrypt passwords with an EGL command-line utility.
Password encryption is supported only for Java™ programs and the debugger, not for COBOL
programs.
When EGL generates output files, it automatically encrypts passwords
in property files and literals that are passed to system functions.
For example, here is a call to the
sqlLib.connect system
function:
sqlLib.connect(myDatabase, myUserid, "myPassword");
Because
the password parameter is specified as a string literal, it is automatically
encrypted in the generated code.
However, if you hard-code your password in a place other than the
function call, EGL does not encrypt the password:
myPasswordVariable string = "myPassword";
sqlLib.connect(myDatabase, myUserid, myPasswordVariable);
In
this case, the password is not encrypted and is displayed in the generated
source.
You can manually encrypt your password by running the command-line
utility and using the returned encrypted value in your code:
myPasswordVariable string = "crypto:abcdef12345";
sqlLib.connect(myDatabase, myUserid, myPasswordVariable);
Following are some places where you might need to manually encrypt
hard-coded passwords:
- Variables in which you store passwords
- CallLink element properties, such as ctgKeyStorePassword
- Calls to system functions, such as sqlLib.connect, sysLib.setRemoteUser,
or VGLib.connectionService in which you
do not pass the password as a literal in the function call
When an EGL system function receives a password with the crypto: prefix,
it decrypts the password automatically. For this reason, you must
encrypt any passwords beginning with the characters crypto:;
otherwise, EGL will attempt to decrypt the non-encrypted password.
Follow these steps to encrypt a password:
- Add your Java executable
to the system's path:
- Obtain and install a Java SDK
if you do not already have one. IBM® offers
a Java SDK for download at the
following website: http://www.ibm.com/developerworks/java/jdk/.
- In your system's PATH environment variable, add
the location of the Java SDK.
See your operating system's documentation for instructions.
- Open a command prompt.
- Navigate to the following location:
shared_resources\plugins\
com.ibm.etools.egl.java.runtime_version
- shared_resources
- The shared resources directory for your product, such as C:\Program
Files\IBM\SDP70Shared on a Windows system
or /opt/IBM/SDP70Shared on a Linux system.
If you installed and kept a previous version of an IBM product containing EGL before installing
your current product, you may need to specify the shared resources
directory that was set up in the earlier installation.
- version
- The installed version of the plugin. If
more than one is present, use the one with the most recent version
number, unless you have a reason to use an older version.
- Type the following command to invoke the program:
java -classpath fda7.jar com.ibm.javart.security.PasswordEncrypter
The
program displays the prompt Enter text to encrypt:.
- Type your password and press Enter. The program returns an encrypted
string beginning with the prefix crypto:.
- Copy the entire returned string, including the crypto: prefix,
into places in which you would ordinarily hard-code your password.
- Save the changed files and regenerate the project.