Page History
Table of Contents |
---|
Introduction
Users frequently ask if JS7 can encrypt credentials. The answer is "no" as it makes no sense to handle a symmetric key that is in reach of the component that makes use of it. Encrypted passwords correspond to the "key under the mat", they do not provide additional security, however, they perfectly contribute to obfuscation.
There is one way only how There is a preferred way to securely handle passwords: not to use passwords.
If the use of passwords is required, then consider to apply asymmetric encryption of credentials or use of a Credential Store. In addition, check if alternative Alternative authentication mechanisms can be applied such as Integrated Security can be applied for a number of DBMS.
Encryption of Credentials
JS7 offers JS7 - Encryption and Decryption.
This includes to encrypt passwords for database access, see JS7 - How to encrypt and decrypt Database Credentials
Credential Store
JS7 supports use of a Credential Store:
...
Integrated Security
Integrated Security includes that
...
is an authentication scheme
...
based on the fact that the account
...
which a component is operated for is already authenticated by the OS and therefore can access a database without specifying user/password credentials.
...
This feature is available for a number of DBMS such as:
- Microsoft SQL Server®, see the JS7 - How to connect to a an SQL Server database without passwordusing passwords article.
- Oracle® that includes including support for Oracle® Wallet, see the JS7 - How to make JOC Cockpit connect to an Oracle database without using passwordsWallet® article.