Salting passwords

Enterprise Security allows you to store passwords in a “salted” format. A salted password is hashed together with random characters, so the value as stored cannot itself be used to gain access to the system.

To enhance the security of stored passwords by enabling salting or password encryption, the administrator can set the password properties in the security.properties file. For example, to define MD5 as an allowable encoding type, use a text editor to open security.properties, and append “,MD5” to the passwordAllowedEncodings property value:

passwordAllowedEncodings = SHA,MD5

The location of security.properties depends on your application server.

Passwords are encoded using industry-standard hash algorithms. Examples of these are “MD5” and “SHA”. In addition, the “TXT” proprietary encoding type is available, which does not actually encode passwords but leaves them in an unencoded format. The “TXT” encoding type’s primary use is to change the password of a user—typically, performed by the system administrator—when the user’s password is lost. For security purposes, users with TXT-encoded passwords cannot authenticate. The password* properties described in Table 15-5 define acceptable password formats.

To enable TXT-encoded password authentication:

  1. Using a text editor, open security.properties.

  2. Append “,TXT” to the passwordAllowedEncodings property value. For example:

    passwordAllowedEncodings = SHA,TXT
    
  3. Set the value of allowUnsaltedAuthentications to true.

Once access has been regained, change the user’s password using the administration tool, and disable TXT encoding.
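The following Python example, added here and not part of the product or its documentation, models the policy the two properties express: only encodings listed in passwordAllowedEncodings are accepted, salted SHA/MD5 records are verified by re-hashing with the stored salt, and a TXT-encoded record can authenticate only while allowUnsaltedAuthentications is true. The record format (`ENCODING:salt:digest`), the parser, and the choice of SHA-1 for “SHA” are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Map the page's encoding names to hashlib digests. Reading "SHA" as SHA-1
# is an assumption for this example; the page does not name a SHA variant.
DIGESTS = {"SHA": "sha1", "MD5": "md5"}

def load_policy(properties_text):
    """Parse the two security.properties keys discussed above (constructed parser)."""
    props = {}
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    allowed = [e.strip() for e in props.get("passwordAllowedEncodings", "").split(",")]
    return {
        "allowed": [e for e in allowed if e],
        "allow_unsalted": props.get("allowUnsaltedAuthentications", "false").lower() == "true",
    }

def encode_password(password, encoding, salt=None):
    """Build a stored record: '<ENCODING>:<salt-hex>:<digest-hex>' (assumed format).
    TXT keeps the cleartext, as when an administrator resets a lost password."""
    if encoding == "TXT":
        return "TXT:" + password
    if salt is None:
        salt = secrets.token_hex(8)  # fresh random salt per stored password
    digest = hashlib.new(DIGESTS[encoding], (salt + password).encode()).hexdigest()
    return f"{encoding}:{salt}:{digest}"

def verify_password(stored, candidate, policy):
    """Accept only encodings the policy lists; TXT records also need allow_unsalted."""
    encoding, _, rest = stored.partition(":")
    if encoding not in policy["allowed"]:
        return False
    if encoding == "TXT":
        # Mirrors the page: TXT-encoded users cannot authenticate unless
        # allowUnsaltedAuthentications has been set to true.
        return policy["allow_unsalted"] and hmac.compare_digest(rest, candidate)
    salt, _, _ = rest.partition(":")
    expected = encode_password(candidate, encoding, salt)
    return hmac.compare_digest(stored, expected)
```

Once the user has regained access, re-encoding the password with a salted encoding and removing TXT from the allowed list makes the cleartext record unusable for login again.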

For information about SHA, see the Secure Hash Standard. For information about MD5, see the MD5 Message-Digest Algorithm.