Basically, application needs to makes some external system related e.g. REST API and sFTP and it requires technical user password to be stored. Currently, it is stored in properties files which is not secured and would like to avoid heavy lifting AES encryption. So would like to store WebSphere system variable. So what would be the security applied in WAS. Is it stored as plain text format within WebSphere or does WebSphere applies some kind of encryption?
Asked
Active
Viewed 388 times
0
-
1WebSphere environment variables are stored as plain text in variables.xml files (location depending on the scope of the variable). – Ryan Oct 15 '17 at 11:08
-
Why is AES "heavy lifting"? It's not speed I presume. Encrypting them and storing them base 64 encoded may make sense. – Maarten Bodewes Oct 15 '17 at 11:50
-
Might find this useful https://www.ibm.com/developerworks/library/mw-1611-lansche-trs/index.html – dbreaux Oct 16 '17 at 18:07
-
Better that WebSphere variables could be J2C authentication alias (at least it will be xor encoded). See this [post](https://stackoverflow.com/a/6355992/3701228) how to access such alias from the code - – Gas Oct 17 '17 at 22:10