Introduction

Users frequently ask if JS7 can encrypt credentials. The answer is "no" as it makes no sense to handle a symmetric key that is in reach of the component that makes use of it. Encrypted passwords correspond to the "key under the mat", they do not provide additional security, however, they perfectly contribute to "security by obfuscation".

There is one way only how There is a preferred way to securely handle passwords: not to use passwords.

If the use of passwords is required, then consider to apply asymmetric encryption of credentials or use of a Credential Store. In addition, check if alternative Alternative authentication mechanisms can be applied such as Integrated Security can be applied for a number of DBMS.

Encryption of Credentials

JS7 offers JS7 - Encryption and Decryption.

This includes to encrypt passwords for database access, see JS7 - How to encrypt and decrypt Database Credentials

Credential Store

JS7 supports use of a Credential Store:

...

Integrated Security

Integrated Security includes that

...

is an authentication scheme

...

based on the fact that the account

...

which a component is operated for is already authenticated by the OS and therefore can access a database without specifying user/password credentials.

...

This feature is available for a number of DBMS such as:

• Microsoft SQL Server®, see the JS7 - How to connect to an SQL Server database without using passwords article.
• Oracle® that includes including support for Oracle® Wallet, see the JS7 - How to make JOC Cockpit connect to an Oracle database using Wallet® article.