Oracle® Fusion Middleware Configuration Guide for Oracle Enterprise Repository 11g Release 1 (11.1.1.5.0) Part Number E16580-07 |
|
|
View PDF |
This chapter provides information about how you can access the Oracle Enterprise Repository Diagnostics page and encrypt passwords.
This chapter contains the following sections:
Password encryption is enabled by default within the Oracle Enterprise Repository, however, you may use the JVM startup parameter cmee.passwordencryption=false
to disable password encryption.
In Oracle Enterprise Repository 11g release, Oracle Enterprise Repository Diagnostics page is disabled, by default. Navigate to http://host_name:port/application_name/diag/index.jsp (replace host_name with the appropriate location).
When you open the Diagnostics page in the default mode, the following message is displayed:
Diag pages are currently disabled. Please contact your Oracle Enterprise Repository Administrator.
To enable the Diagnostics page, perform the following steps:
Navigate to <Oracle_home>\user_projects\domains\base_domain\bin to access the .sh and .cmd files.
Edit setOERdomain.sh
or setOERdomain.cmd
before starting the Oracle Enterprise Repository server.
Uncomment the following line that is commented, by default:
OER_DIAG_OPTION="-DdiagPagesEnabled=true"
Restart the Oracle Enterprise Repository server.
It is recommended to only enable when necessary and disable once the system is running without any issues.
You can encrypt passwords using two different methods, one using the Oracle Enterprise Repository diagnostic page and other using the password encryption tool. To generate encrypted passwords, you need to perform the following steps:
Access the Oracle Enterprise Repository Diagnostics page.
Navigate to http://host_name:port/application_name/diag/index.jsp (replace host_name with the appropriate location).
Scroll down to the Tools section and click the Encrypt Strings for passwords link to launch the Password encryption page.
Enter the clear text password into the String to Encrypt text box.
Click the Submit Query button.
Copy the resulting encrypted password string and paste it into the appropriate context or properties file(s).
The password encryption tool can be found at <ORACLE_HOME>/repositoryXXX/core/tools/solutions/11.1.1.x.x-OER-PasswordTools.zip. The 11.1.1.x.x-OER-PasswordTools.zip file has two scripts (for windows and unix):
encrypt.bat/encrypt.sh - encrypt an xml config file's password elements
encryptpassword.bat/encryptpassword.sh - encrypt a single password from the command line
This section also contains the following topics:
The suggested usage of encrypted passwords are as below:
In the database.properties
file
The connection password for the database.
The Ant task property file or build script
The password the Oracle Enterprise Repository user will use at login.
In the Harvester HarvesterSettings.xml
configuration file
The password stored in the HarvesterSettings.xml
file.
In the Oracle Registry Repository Exchange Utility configuration (orrxu.xml
) file
The password stored in the orrxu.xml
file.
In the Oracle Enterprise Repository Workflow configuration (workflow.xml
) file
The password stored in the workflow.xml
file.
Other passwords in the system are encrypted automatically. This operation is invisible to the user. A number of fields stored in the properties files are encrypted by default, including:
ldap.bindPassword
enterprise.guest.password
cmee.wsaa.password
This encryption occurs when the properties are edited and saved. Automatic encryption of passwords during an upgrade is unavailable at this time.
Passwords stored with the artifact stores are stored in the database in an encrypted format.
To ensure security, the passwords in the configuration files must be encrypted. You need to encrypt the configuration file passwords for the following:
To ensure security, the passwords in the harvester configuration must be encrypted. The password encryption tool, (encrypt.bat
/encrypt.sh
), which is distributed with Harvester allows you to encrypt the passwords that are stored in the Harvester configuration (HarvesterSettings.xml
) file.
Navigate to the <Harvester Home>
directory.
From a command prompt, run the password encryption tool as follows:
> encrypt.bat HarvesterSettings.xml HarvesterSettings.xml
where
HarvesterSettings.xml
= the Harvester configuration file.
For enhanced security, the password encryption tool (encrypt.bat/encrypt.sh), which is packaged with the Exchange Utility kit, resides in the installation directory, and allows you to encrypt the passwords that are stored in the Oracle Registry Repository Exchange Utility configuration (orrxu.xml
) file.
Navigate to the <ExchangeUtility Tool Home>
directory.
From a command prompt, as shown in Figure 5-1, run the password encryption tool as follows:
> encrypt.bat orrxu.xml orrxu.xml
where:
orrxu.xml
= the Oracle Registry Repository Exchange Utility configuration file
Figure 5-2 describes a sample image of how the password field appears before the encryption.
Figure 5-2 Example Image of Password Before Encryption
Figure 5-3 describes a sample image of how the password field appears after you run the password encryption tool.
Figure 5-3 Example Image of Password After Encryption
For enhanced security, the password encryption tool (encrypt.bat
/encrypt.sh
), which resides in the 11.1.1.x.x-OER-PasswordTools.zip
file, allows you to encrypt the passwords that are stored in the Workflow configuration (workflow.xml
) file.
Navigate to the ORACLE_HOME/repositoryXXX/core/tools/solutions
directory.
Extract the 11.1.1.x.x-OER-PasswordTools.zip
file to a directory and open a command prompt at this directory location.
From the command prompt, run the password encryption tool as follows:
> encrypt.bat workflow.xml workflow.xml
where
workflow.xml
= the Workflow configuration file