Category
Administration
Product Version
9.0
Encryption of Configuration Database password in web.xml
Answered
As per the changes to cryptography algorithm as mentioned in https://community.yellowfinbi.com/topic/how-can-i-re-encrypt-my-yellowfin-db-password-in-the-web-xml, is there an updated knowledge base article that provides instructions to encrypt the password that is used in the web.xml to make use of AES as opposed to 3DES as per https://community.yellowfinbi.com/topic/how-can-i-re-encrypt-my-yellowfin-db-password-in-the-web-xml.
The same question
Good Morning,
I hope you are well
It seems as though you have sent the same link twice from 4 years ago? did you mean to send this article?
As of Version 8.0.9 and 9.5 Yellowfin now uses AES instead of Triple DES as mentioned here in this article <
If you are seeing a warning in your logs that mention AES could not be used and its falling back to Triple DES, then to give you some peace of mind, this should not affect anything :)
However, if you would like your encryption method to use the AES package, all you need to do is resave your Data source password and it should update the encryption method used & you won't see those warning messages in the logs anymore :)
I hope this helps!
Best Wishes,
Lesley
Good Morning,
I hope you are well
It seems as though you have sent the same link twice from 4 years ago? did you mean to send this article?
As of Version 8.0.9 and 9.5 Yellowfin now uses AES instead of Triple DES as mentioned here in this article <
If you are seeing a warning in your logs that mention AES could not be used and its falling back to Triple DES, then to give you some peace of mind, this should not affect anything :)
However, if you would like your encryption method to use the AES package, all you need to do is resave your Data source password and it should update the encryption method used & you won't see those warning messages in the logs anymore :)
I hope this helps!
Best Wishes,
Lesley
Lesley,
Yes the link you have mentioned is what I was referring to. I noticed after submitting the question and wasn’t able to modify it.
The Data Sources are okay, they will update as you have mentioned.
The password that I’m referring to here is the one used by the application server itself to connect to the Yellowfin Configuration Database.
It is in the web.xml file in the web server’s webapps directory – see below snippet
<!--
Password to the configuration database connection is encrypted at
installation time. If you need to change this password, you can set
the JDBCPasswordEncrypted parameter to false, and store the password
in plaintext in the JDBCPassword parameter.
-->
<init-param>
<param-name>JDBCPassword</param-name>
<param-value>{password}</param-value>
</init-param>
The password is initially encrypted on install, but need to update it and re-encrypt the value.
Looking for an updated version of the EncryptPassword.jar or equivalent that provides the AES option that I can use to encrypt the password.
Thank you.
Cheers,
Kent
From: Yellowfin Support <support@yellowfin.bi>
Sent: Thursday, 9 December 2021 8:54 PM
To: Kent To <kent.to@richdataco.com>
Subject: New Comment in "Encryption of Configuration Database password in web.xml"
CAUTION: This email originated from outside of the organisation. Do not act on any instructions, click links or open attachments unless you recognise the sender and know the content is safe.
Lesley,
Yes the link you have mentioned is what I was referring to. I noticed after submitting the question and wasn’t able to modify it.
The Data Sources are okay, they will update as you have mentioned.
The password that I’m referring to here is the one used by the application server itself to connect to the Yellowfin Configuration Database.
It is in the web.xml file in the web server’s webapps directory – see below snippet
<!--
Password to the configuration database connection is encrypted at
installation time. If you need to change this password, you can set
the JDBCPasswordEncrypted parameter to false, and store the password
in plaintext in the JDBCPassword parameter.
-->
<init-param>
<param-name>JDBCPassword</param-name>
<param-value>{password}</param-value>
</init-param>
The password is initially encrypted on install, but need to update it and re-encrypt the value.
Looking for an updated version of the EncryptPassword.jar or equivalent that provides the AES option that I can use to encrypt the password.
Thank you.
Cheers,
Kent
From: Yellowfin Support <support@yellowfin.bi>
Sent: Thursday, 9 December 2021 8:54 PM
To: Kent To <kent.to@richdataco.com>
Subject: New Comment in "Encryption of Configuration Database password in web.xml"
CAUTION: This email originated from outside of the organisation. Do not act on any instructions, click links or open attachments unless you recognise the sender and know the content is safe.
Ah I see! Thanks for clarifying, Kent :)
I am going to question this with the security team and will update you later today - I hope thats ok!
Best Wishes,
Lesley
Ah I see! Thanks for clarifying, Kent :)
I am going to question this with the security team and will update you later today - I hope thats ok!
Best Wishes,
Lesley
Lesley,
Thanks for that. Look forward to your update once you get clarification from the security team.
Cheers,
Kent
From: Yellowfin Support <support@yellowfin.bi>
Sent: Thursday, 9 December 2021 11:18 PM
To: Kent To <kent.to@richdataco.com>
Subject: New Comment in "Encryption of Configuration Database password in web.xml"
CAUTION: This email originated from outside of the organisation. Do not act on any instructions, click links or open attachments unless you recognise the sender and know the content is safe.
Lesley,
Thanks for that. Look forward to your update once you get clarification from the security team.
Cheers,
Kent
From: Yellowfin Support <support@yellowfin.bi>
Sent: Thursday, 9 December 2021 11:18 PM
To: Kent To <kent.to@richdataco.com>
Subject: New Comment in "Encryption of Configuration Database password in web.xml"
CAUTION: This email originated from outside of the organisation. Do not act on any instructions, click links or open attachments unless you recognise the sender and know the content is safe.
Hey Kent,
I hope you are well & my apologies for the delay here -
Just to keep you in the loop, I have been informed to ask a developer about this instead, so I will do that and let you know once I have a response!
Best Wishes,
Lesley
Hey Kent,
I hope you are well & my apologies for the delay here -
Just to keep you in the loop, I have been informed to ask a developer about this instead, so I will do that and let you know once I have a response!
Best Wishes,
Lesley
Lesley
Thanks for the update on this.
Cheers,
Kent
From: Yellowfin Support <support@yellowfin.bi>
Sent: Wednesday, 15 December 2021 4:27 AM
To: Kent To <kent.to@richdataco.com>
Subject: New Comment in "Encryption of Configuration Database password in web.xml"
CAUTION: This email originated from outside of the organisation. Do not act on any instructions, click links or open attachments unless you recognise the sender and know the content is safe.
Lesley
Thanks for the update on this.
Cheers,
Kent
From: Yellowfin Support <support@yellowfin.bi>
Sent: Wednesday, 15 December 2021 4:27 AM
To: Kent To <kent.to@richdataco.com>
Subject: New Comment in "Encryption of Configuration Database password in web.xml"
CAUTION: This email originated from outside of the organisation. Do not act on any instructions, click links or open attachments unless you recognise the sender and know the content is safe.
Hey Kent,
I hope you are well!
Just to let you know, the colleagues I have reached out to have not provided a response yet - I suspect they are currently on leave until after the new year.
I apologies that this is taken longer than expected to find out - would it be ok to put this on hold till the new year?
Best Wishes,
Lesley
Hey Kent,
I hope you are well!
Just to let you know, the colleagues I have reached out to have not provided a response yet - I suspect they are currently on leave until after the new year.
I apologies that this is taken longer than expected to find out - would it be ok to put this on hold till the new year?
Best Wishes,
Lesley
Lesley,
No problems to carry this item over to the new year.
Cheers,
Kent
From: Yellowfin Support <support@yellowfin.bi>
Sent: Friday, 24 December 2021 1:06 AM
To: Kent To <kent.to@richdataco.com>
Subject: New Comment in "Encryption of Configuration Database password in web.xml"
CAUTION: This email originated from outside of the organisation. Do not act on any instructions, click links or open attachments unless you recognise the sender and know the content is safe.
Lesley,
No problems to carry this item over to the new year.
Cheers,
Kent
From: Yellowfin Support <support@yellowfin.bi>
Sent: Friday, 24 December 2021 1:06 AM
To: Kent To <kent.to@richdataco.com>
Subject: New Comment in "Encryption of Configuration Database password in web.xml"
CAUTION: This email originated from outside of the organisation. Do not act on any instructions, click links or open attachments unless you recognise the sender and know the content is safe.
Hey Kent,
Thanks for your understanding :)
Happy Holidays!
Best Wishes,
Lesley
Hey Kent,
Thanks for your understanding :)
Happy Holidays!
Best Wishes,
Lesley
Hey Kent,
I hope you are. well :)
I have had a response on how to encrypt the password to AES -
You can use the EncryptPassword function without using the additional .jar file
Here are the steps -
java -cp i4-core.log4j-1.2-api-2.13.3.log4j-core-2.13.3.log4j-api-2.13.3.jar com.hof.standalone.EncryptPassword
4. It will prompt for a password, enter a password.. It will then output the encrypted password
Just to note - the log4j version may have changed depending on your specific version
I hope this helps - Let me know if you have any further questions :)
Best Wishes,
Lesley
Hey Kent,
I hope you are. well :)
I have had a response on how to encrypt the password to AES -
You can use the EncryptPassword function without using the additional .jar file
Here are the steps -
java -cp i4-core.log4j-1.2-api-2.13.3.log4j-core-2.13.3.log4j-api-2.13.3.jar com.hof.standalone.EncryptPassword
4. It will prompt for a password, enter a password.. It will then output the encrypted password
Just to note - the log4j version may have changed depending on your specific version
I hope this helps - Let me know if you have any further questions :)
Best Wishes,
Lesley
Lesley,
Thank you for the information provided.
I had to also add i4-adapter.jar to the classpath for the command to work successfully.
Appreciate the help with this.
Cheers,
Kent
Lesley,
Thank you for the information provided.
I had to also add i4-adapter.jar to the classpath for the command to work successfully.
Appreciate the help with this.
Cheers,
Kent
Good Morning, Kent
No problem, & thank you for informing us of the extra .jar you had to add - this may help anyone who is doing the same in the future!
I hope you enjoy the rest of your week!
Best Wishes,
Lesley
Good Morning, Kent
No problem, & thank you for informing us of the extra .jar you had to add - this may help anyone who is doing the same in the future!
I hope you enjoy the rest of your week!
Best Wishes,
Lesley
Replies have been locked on this page!