Operational Defect Database
BugZero updated this defect 58 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
VMware | 374524
Watch4net APG 5: Switching to an encrypted password database
Last update date:
3/22/2024
Affected products:
Smart Assurance - Watch4net/M&R
Affected releases:
No affected releases provided.
Fixed releases:
No fixed releases provided.
Description:
Symptoms
Watch4net APG 5: Switching to an encrypted password databaseHow to switch to encrypted password database in Watch4Net APG 5
Resolution
For an improved security, it is possible to switch to an encrypted database password. In APG revisions later than 1957, it is possible to encrypt user password in database. To enable this feature, please follow these steps: Edit APG.xml and add digest="SHA1" in the Realm block. The resulting APG.xml should look like the following example: <Context> <Resource name="jdbc/APG-DB" auth="Container" type="javax.sql.DataSource" maxActive="100" maxIdle="30" maxWait="10000" username="apg" password="watch4net" driverClassName="com.mysql.jdbc.Driver" removeAbandoned="true" removeAbandonedTimeout="60" logAbandoned="true" url="jdbc:mysql://localhost:53306/apg?autoReconnect=true" /> <Realm className="org.apache.catalina.realm.DataSourceRealm" dataSourceName="jdbc/APG-DB" localDataSource="true" userTable="user" userNameCol="username" userCredCol="password" userRoleTable="user" roleNameCol="rolename" digest="SHA1" /> </Context> Set the system property digest.algorithm to the selected algorithm (e.g. SHA1). On Windows, go to the Tomcat installation directory and run apgtomcatw.exe. You can add -Ddigest.algorithm="SHA1" in the command line argument field of the Java tab.On Unix, edit the apg-tomcat service file and add -Ddigest.algorithm="SHA1" to the JAVA_OPTS environnement variable. Encrypt the passwords in database in an irreversible way with the following query: UPDATE user SET password=SHA1(password);
