All passwords saved in the repository configuration files are encrypted and are decrypted at runtime. User passwords are encrypted when making connection to the repository.
The default keys used for the encryption and decryption process are saved in the following file:
install_dir/keystore/common.keystore
For security purposes, we recommend that you generate your own key and keystore file. The keystore information is saved in the following file:
install_dir/keystore/config/cmrcommon.xml
This file contains the following XML structure:
<cmrcommon> <!-- Keystore Configuration --> <bean class="java.lang.Object" id="cmr.common.config.keystore"> <!-- if value is empty, default to cmr home\keystore folder --> <param name="keyStoreFilePath" value=""/> <param name="keyStoreFileName" value="common.keystore"/> <param name="keyStoreAlias" value="cmrenkey"/> <param name="keyStorePassword" value="changeit"/> </bean> </cmrcommon>
You can edit the following nodes:
keyStoreFilePath – Specifies the path to the keystore file. Default value: install_dir/keystore/.
keyStoreFileName – Specifies the name of the keystore file.
keyStoreAlias – [required] Specifies the name of the alias of the key in the keystore.
keyStorePassword – [required] Specifies the password to read the keystore.
You can use the following command to generate a 512 byte key and keystore file:
JDK_HOME\bin\keytool -genkey -keyalg RSA -keysize 512 –alias keyStoreAlias -keypass keyStorePassword -keystore keyStoreFilePath\keyStoreFileName -storepass keyStorePassword
For example: to generate a new key using the default values specified in the cmrcommon.xml file:
JDK_HOME\bin\keytool –genkey –keyalg RSA –keysize 512 –alias cmrenkey –keypass changeit –keystore install_dir\keystore\common.keystore –storepass changeit
Note that all PowerDesigner Portal web application layer installations that need to connect to a PowerDesigner Portal Server must use the same keyStore file. We recommend that you update periodically the key in the keystore. If a new key is being used, make sure to change the passwords in install_dir/keystore/config/repository.xml file to a plain password. PowerDesigner Portal will automatically encrypt any plain passwords in this file.
For example: the database access password.
<bean class="com.sybase.cmr.infra.server.persistence.db.connection.DBCPConnectionProvider" id="cmr.connection.provider"> <param name="databaseProfile" value="asa90.xml" /> <param name="dbtype" value="Sybase ASA 10.x" /> <param name="connectionURL" value="jdbc:sybase:Tds:localhost:2638" /> <param name="jdbcDriverClass" value="com.sybase.jdbc3.jdbc.SybDriver" /> <param name="dbhost" value="localhost" /> <param name="dbport" value="2638" /> <param name="dbname" value="" /> <param name="user" value="dba" /> <param name="password" value="sql" /> <param name="initialPoolSize" value="1" /> <param name="minIdle" value="1" /> <param name="maxIdle" value="3" /> <param name="maxWait" value="2" /> <param name="maxActive" value="10" /> <param name="isolationLevel" value="1" /> </bean>
The mail server password:
<bean class="java.lang.Object" id="cmr.server.config.smtp"> <param name="mail_notification_resume" value="true" /> <param name="mail_notification_include_before_resume" value="false"/> <param name="smtp_host" value="" /> <param name="smtp_port" value="" /> <param name="default_sender_email" value="" /> <param name="smtp_ssl" value="false" /> <param name="smtp_auth" value="false" /> <param name="smtp_auth_account" value="" /> <param name="smtp_auth_password" value="" /> <param name="smtp_password_authentication" value="false" /> <param name="mail_template_name" value="mail.template.xml" /> </bean>