You can encrypt passwords by using an EGL command-line
utility. Password encryption is supported only for Java™ code and the debugger, not for COBOL programs.
When EGL generates output files, it automatically encrypts passwords
in property files and literals that are passed to system functions.
For example, here is a call to the
sqlLib.connect system
function:
sqlLib.connect(myDatabase, myUserid, "myPassword");
Because
the password parameter is specified as a string literal, it is automatically
encrypted in the generated code.
However, if you hardcode your password in a place other than the
function call, EGL does not encrypt the password:
myPasswordVariable string = "myPassword";
sqlLib.connect(myDatabase, myUserid, myPasswordVariable);
In
this case, the password is not encrypted and is displayed in the generated
source.
You can manually encrypt your password by running the command-line
utility and using the returned encrypted value in your code:
myPasswordVariable string = "crypto:abcdef12345";
sqlLib.connect(myDatabase, myUserid, myPasswordVariable);
You might need to manually encrypt hard-coded passwords in the
following elements:
- Variables in which you store passwords
- CallLink element properties, such as ctgKeyStorePassword
- Calls to system functions, such as sqlLib.connect, sysLib.setRemoteUser,
or VGLib.connectionService in which you
do not pass the password as a literal in the function call
When an EGL system function receives a password with the crypto: prefix,
it decrypts the password automatically. For this reason, you must
encrypt any passwords beginning with the characters crypto:;
otherwise, EGL will attempt to decrypt the non-encrypted password.
To encrypt a password:
- Add your Java executable
to the path of the system:
- Obtain and install a Java SDK
if you do not already have one. IBM® offers
a Java SDK to download at the
following Web site: http://www.ibm.com/developerworks/java/jdk/.
- In the PATH environment variable of your system,
add the location of the Java SDK.
For instructions, see the documentation for your operating system.
- Open a command prompt.
- Go to the following location:
shared_resources\plugins\
com.ibm.etools.egl.java.runtime_version
- shared_resources
- The shared resources directory for your product, such as C:\Program
Files\IBM\SDP70Shared on a Windows® system or /opt/IBM/SDP70Shared on
a Linux® system.
If you installed and kept a previous version of an IBM product containing EGL before installing
your current product, you may need to specify the shared resources directory
that was set up in the earlier install.
- version
- The installed version of the plugin, including three numbers separated
by periods, a string separator, and the date and time that the plugin was
built; for example, 7.0.0.RFB_20070120_1300. If more than
one is present, use the one with the most recent version number, unless you
have a reason to use an older version.
- To invoke the program, type the following command :
java -classpath fda7.jar com.ibm.javart.security.PasswordEncrypter
The
program displays the prompt Enter text to encrypt:.
- Type your password and press Enter. The program returns an encrypted
string that begins with the prefix crypto:.
- Copy the entire returned string, including the crypto: prefix,
into places in which you would typically hard-code your password.
- Save the changed files and regenerate the project.