Database passwords which are stored in the N4 configuration files can be encrypted or stored in plain text. When you run the installer for N4 and N4 Billing, you will see an option to have the database passwords encrypted inside these configuration files:
|
Database |
Configuration File |
Default Location |
|---|---|---|
|
N4 |
apex.xml |
Windows: C:\ProgramData\navis\[Node]\conf\Catalina\localhost\ Linux: /opt/navis/configuration/[Node]/conf/Catalina/localhost/ |
|
N4 Billing |
billing.xml |
Windows: C:\ProgramData\navis\n4billing\conf\Catalina\localhost\ Linux: /opt/navis/configuration/n4billing/conf/Catalina/localhost/ |
|
ECN4 |
ecn4_settings_prod.xml |
Windows: C:\ProgramData\navis\[Node]\conf\Catalina\localhost\ Linux: /opt/navis/configuration/[Node]/conf/Catalina/localhost/ |
|
ECS |
n4-settings.xml |
[shared network folder]\conf\ |
A setting in the configuration files indicates that the password is encrypted:
encrypted="true"
You may want to store plain text passwords if you are using a custom interface or application that needs to read the configuration files. During the installation you may choose to not encrypt the password. You can also use this setting to indicate that the password is plain text:
encrypted="false"
Navis recommends that you store encrypted passwords.
To generate the encrypted password, use the encryption script which is available on the N4 node:
encrypt.bat (default location is C:\Program Files\Navis\sparcsn4\bin)
or
encrypt.sh (default location is /opt/navis/application/sparcsn4/bin)
For instructions on generating the encrypted password, see Update an encrypted password (on page 1).
The encrypted password which is stored in the database is not the same encrypted password that is stored in the apex.xml configuration file. The N4 database passwords are stored in the database using bcrypt encryption. Additionally, N4 uses a keystore for encrypted passwords as another layer of password security.
When you import users and passwords through SNX, the passwords will be hashed with bcrypt encryption before being saved to the N4 database. If the passwords in the SNX file are encrypted with MD5 encryption, then those passwords will be converted to bcrypt encryption before being saved in the database.
If you upgraded from N4 3.6 or lower, the old MD5 passwords are still available in case you decide to fall back to the previous version. If you have successfully upgraded and the fallback period is over, you should nullify the old MD5 encrypted passwords (on page 1) using the NullifyPasswordBackup code extension.
Update an encrypted database password (Windows)
If your database password is encrypted in the configuration file (where encrypted="true"), then follow the steps below to update the password. The encrypted string is different each time you run this for the same password.
To update the database password:
Update the password the in the database with your database tool.
Generate an encrypted password. This will be pasted to the data source configuration file.
In Windows, open the Command Prompt.
Locate the script encrypt.bat (default location is C:\Program Files\Navis\sparcsn4\bin).
Enter the password that you want to encrypt.
Type the command to generate the encryption:
encrypt.bat <password_to_encrypt>
You should see output for a new encrypted password. Copy the password and paste it in the configuration file as the new password.
Encrypted Password: "rgm10IAb2YbCOfkMT0Tu0w6Dmm8YsZgyAguEiiS4bFQ="
Note: The encrypted password is enclosed between the quotes.
If you execute the encrypt command multiple times for the same password, you will get different output. All these output are equivalent so you can copy any of the output into the configuration file.
Restart the N4 service.
Here is an example for apex.xml or billing.xml:
Here example for n4-settings.xml:
The encrypted password in the configuration file should be in sync with the (unencrypted) database password.
What if the database password is not encrypted?
If your database passwords are not encrypted in the configuration file (encrypted="false"), the passwords can be easily read and changed. You may want to store plain text passwords if you are using a custom interface or application that needs to read the configuration files. Otherwise, Navis recommends that you encrypt the passwords in the apex.xml file.
To start using password encryption:
Open the configuration file in a file editor.
Change the encrypted setting to "true".
encrypted="true"
Follow the steps to generate an encrypted password (on page 1).