Encryption of Configuration Database password in web.xml

K To shared this question 9 months ago
Answered

As per the changes to cryptography algorithm as mentioned in https://community.yellowfinbi.com/topic/how-can-i-re-encrypt-my-yellowfin-db-password-in-the-web-xml, is there an updated knowledge base article that provides instructions to encrypt the password that is used in the web.xml to make use of AES as opposed to 3DES as per https://community.yellowfinbi.com/topic/how-can-i-re-encrypt-my-yellowfin-db-password-in-the-web-xml.

Comments (12)


Good Morning,

I hope you are well


It seems as though you have sent the same link twice from 4 years ago? Did you mean to send this article?

As of Version 8.0.9 and 9.5 Yellowfin now uses AES instead of Triple DES as mentioned here in this article <


If you are seeing a warning in your logs that mentions AES could not be used and it's falling back to Triple DES, then to give you some peace of mind, this should not affect anything :)

However, if you would like your encryption method to use the AES package, all you need to do is resave your Data source password and it should update the encryption method used & you won't see those warning messages in the logs anymore :)


I hope this helps!

Best Wishes,

Lesley


Lesley,

Yes the link you have mentioned is what I was referring to. I noticed after submitting the question and wasn’t able to modify it.

The Data Sources are okay, they will update as you have mentioned.

The password that I’m referring to here is the one used by the application server itself to connect to the Yellowfin Configuration Database.

It is in the web.xml file in the web server’s webapps directory – see below snippet

    <!--
      Password to the configuration database connection is encrypted at
      installation time. If you need to change this password, you can set
      the JDBCPasswordEncrypted parameter to false, and store the password
      in plaintext in the JDBCPassword parameter.
    -->
    <init-param>
      <param-name>JDBCPassword</param-name>
      <param-value>{password}</param-value>
    </init-param>

The password is initially encrypted on install, but I need to update it and re-encrypt the value.

Looking for an updated version of the EncryptPassword.jar or equivalent that provides the AES option that I can use to encrypt the password.

Thank you.

Cheers,

Kent

From: Yellowfin Support <support@yellowfin.bi>

Sent: Thursday, 9 December 2021 8:54 PM

To: Kent To <kent.to@richdataco.com>

Subject: New Comment in "Encryption of Configuration Database password in web.xml"

CAUTION: This email originated from outside of the organisation. Do not act on any instructions, click links or open attachments unless you recognise the sender and know the content is safe.


Ah I see! Thanks for clarifying, Kent :)

I am going to question this with the security team and will update you later today - I hope that's OK!


Best Wishes,

Lesley


Lesley,

Thanks for that. Look forward to your update once you get clarification from the security team.

Cheers,

Kent

From: Yellowfin Support <support@yellowfin.bi>

Sent: Thursday, 9 December 2021 11:18 PM

To: Kent To <kent.to@richdataco.com>

Subject: New Comment in "Encryption of Configuration Database password in web.xml"


Hey Kent,

I hope you are well & my apologies for the delay here -

Just to keep you in the loop, I have been informed to ask a developer about this instead, so I will do that and let you know once I have a response!


Best Wishes,

Lesley


Lesley

Thanks for the update on this.

Cheers,

Kent

From: Yellowfin Support <support@yellowfin.bi>

Sent: Wednesday, 15 December 2021 4:27 AM

To: Kent To <kent.to@richdataco.com>

Subject: New Comment in "Encryption of Configuration Database password in web.xml"


Hey Kent,

I hope you are well!


Just to let you know, the colleagues I have reached out to have not provided a response yet - I suspect they are currently on leave until after the new year.

I apologise that this has taken longer than expected to find out - would it be OK to put this on hold till the new year?


Best Wishes,

Lesley


Lesley,

No problems to carry this item over to the new year.

Cheers,

Kent

From: Yellowfin Support <support@yellowfin.bi>

Sent: Friday, 24 December 2021 1:06 AM

To: Kent To <kent.to@richdataco.com>

Subject: New Comment in "Encryption of Configuration Database password in web.xml"


Hey Kent,

Thanks for your understanding :)


Happy Holidays!

Best Wishes,

Lesley


Hey Kent,

I hope you are well :)


I have had a response on how to encrypt the password to AES -

You can use the EncryptPassword function without using the additional .jar file


Here are the steps -

  1. Stop Yellowfin
  2. In command prompt change directory to the Yellowfin/appserver/webapps/ROOT/WEB-INF/lib folder
  3. Run this command:

    java -cp i4-core.jar:log4j-1.2-api-2.13.3.jar:log4j-core-2.13.3.jar:log4j-api-2.13.3.jar com.hof.standalone.EncryptPassword

  4. It will prompt for a password, enter a password. It will then output the encrypted password


Just to note - the log4j version may have changed depending on your specific version

I hope this helps - Let me know if you have any further questions :)


Best Wishes,

Lesley


Lesley,

Thank you for the information provided.

I had to also add i4-adapter.jar to the classpath for the command to work successfully.

Appreciate the help with this.

Cheers,

Kent


Good Morning, Kent

No problem, & thank you for informing us of the extra .jar you had to add - this may help anyone who is doing the same in the future!


I hope you enjoy the rest of your week!

Best Wishes,

Lesley
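
The procedure from this thread as a shell helper that builds the classpath from the jars actually present in WEB-INF/lib, so the log4j version does not have to be typed by hand and a missing or duplicated jar is reported before Java starts. This is an added example, not part of the original posts and not Yellowfin's own tooling; the function names `build_classpath` and `run_encrypt_password` are hypothetical, and it assumes a Unix shell (the `:` classpath separator used in the command above).

```shell
#!/bin/sh
# Added example, not Yellowfin code. Jar names and the class name
# com.hof.standalone.EncryptPassword are taken from the thread.

# build_classpath LIB_DIR
# Prints a ':'-joined classpath; returns 1 unless each pattern matches exactly one jar.
build_classpath() {
    lib_dir=$1
    classpath=""
    # log4j jars are matched by pattern because their version varies per release;
    # i4-adapter.jar is included because the thread reports it was also required.
    for pattern in 'i4-core.jar' 'i4-adapter.jar' \
                   'log4j-1.2-api-*.jar' 'log4j-core-*.jar' 'log4j-api-*.jar'; do
        found=""
        count=0
        for jar in "$lib_dir"/$pattern; do
            [ -f "$jar" ] || continue      # unmatched glob stays literal; skip it
            found=$jar
            count=$((count + 1))
        done
        if [ "$count" -ne 1 ]; then
            echo "expected exactly one jar matching $pattern in $lib_dir, found $count" >&2
            return 1
        fi
        classpath="${classpath:+$classpath:}$found"
    done
    printf '%s\n' "$classpath"
}

# run_encrypt_password LIB_DIR
# Run with Yellowfin stopped. The tool prompts for the password, so the
# plaintext is not passed as a command-line argument.
run_encrypt_password() {
    resolved=$(build_classpath "$1") || return 1
    java -cp "$resolved" com.hof.standalone.EncryptPassword
}

# Stand-alone use: sh thisfile.sh /path/to/Yellowfin/appserver/webapps/ROOT/WEB-INF/lib
if [ "$#" -ge 1 ]; then
    run_encrypt_password "$1"
fi
```
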