Copyright © TIBCO Software Inc. All Rights Reserved


Appendix A Adapter Properties File : Obfuscating or Encrypting a Password in a Properties File

Obfuscating or Encrypting a Password in a Properties File
This section describes password handling and how to obfuscate or encrypt a password in a properties file.
Password Handling
At runtime, the adapter uses passwords to connect to the back-end application and interoperate with it. If you create a 4.x configuration using TIBCO Designer 5.6 and use the configuration against a 4.x adapter version, some special considerations are required for security.
If you plan to run the adapter locally, define the password values to be global variables. Before starting the adapter, include the runtime password as client variable in the adapter's TRA file and obfuscate it using the obfuscate tool. For example, if the password value is defined as %%myPassword%%, create a global variable named myPassword in the global variables section with no value and include the following entry in the adapter's .tra file:
tibco.clientVar.myPassword
During configuration, you can toggle between global variables and plain text values. These values are visible in non-readable form in the project. Plain text values are stored in the project in encrypted form.
Obfuscating a Password
If the runtime adapter uses a password to access the vendor application, the password is stored in readable form as a value to the tibco.clientVar.variable=# password property in the runtime adapter’s properties file. You can use the obfuscate tool to hide the password in the properties file so the password cannot be viewed by unauthorized users.
To obfuscate the password:
1.
Using TIBCO Designer, open the adapter configuration and navigate to the panel where the password used by the runtime adapter to connect to Tuxedo is defined. In the password field, provide a user defined global variable, such as %%MyPassword%%. The global variable must also be added to the global variable list. See Using Global Variables for more information about creating global variables.
2.
In the runtime adapter properties file, verify that the tibco.clientVar.variable=# password property is defined in the file.
3.
Run the obfuscation tool supplied with adapter software against the properties file. This tool is named obfuscate.exe and resides in the TIBCO_HOME\tibco\tra\veriosn_number\bin directory.
The command syntax on Microsoft Windows for a default installation is: TIBCO_HOME\tra\5.6\bin\obfuscate tra-file-path-name
where tra-file-path-name is the absolute pathname of the adapter properties file that contains the tibco.clientVar.variable=# password property.
For example, on Microsoft Windows:
TIBCO_HOME\tra\5.6\bin>obfuscate
TIBCO_HOME\adapter\adtuxedo\veriosn_number\bin\adtuxedoagent.tra
The password is now obfuscated and you can start the adapter with the changed properties file.
If you do not want to obfuscate a password, remove # at the beginning of the obfuscated password and replace it with the password in plain text.
Encrypting a Password
Encryption is only supported for version 5.1 adapters and higher. If you have a property in a properties file that needs to be encrypted, follow these steps:
1.
In the property file, add the #! characters in front of the value you want to encrypt. For example:
 
Repo.serverPassword = #!mysecret
2.
 
TIBCO_HOME/tibco/tra/veriosn_number/bin/obfuscate.exe --propertyfile=tra-file-name
The next time you open the property file, mysecret will have been replaced with a random sequence of characters.

Copyright © TIBCO Software Inc. All Rights Reserved