Unlike encryption that involves two-way algorithms (encryption and decryption), hashing uses a one-way algorithm. A clear-text version of a password is hashed using a Siebel utility, then stored in the database or in an external directory such as LDAP/ADS. During login, a clear-text version of a password is provided (such as by a user), which is then hashed and compared to the stored hashed password.
Password hashing is a critical tool for preventing unauthorized users from bypassing Siebel Business Applications and logging directly into the Siebel Database using an RDBMS tool such as SQL*Plus. It also prevents passwords intercepted over the network from being used to access the applications, because an intercepted hashed password will itself be hashed when login is attempted, leading to a failed login.
Credentials password hashing prevents users from logging into the Siebel Database directly using a password obtained through unauthorized access to the external directory, because the unhashed password will not match the hashed version stored in the database.
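The hash-and-compare login flow described above, and the two failure cases the text relies on (a password replayed from an intercepted or directory-sourced hash, and a wrong clear-text password), as an added illustration that is not part of the Siebel documentation or the hashpwd.exe utility. It uses plain SHA-1 only because the page names that as the default algorithm; the hex-digest storage format, the user names and the passwords are constructed for the example, not Siebel's own. A modern design would add a per-user salt and a slow key-derivation function, which this example deliberately omits so that the one-way comparison stays visible.

```python
import hashlib
import hmac


def hash_password(clear_text: str) -> str:
    """One-way transform: SHA-1 over the UTF-8 bytes, hex encoded.

    There is no inverse operation; the only way to check a password is to
    hash the candidate and compare digests.
    """
    return hashlib.sha1(clear_text.encode("utf-8")).hexdigest()


def build_store(credentials: dict) -> dict:
    """Simulate the stored side: only hashed values are kept."""
    return {user: hash_password(pw) for user, pw in credentials.items()}


def verify_login(store: dict, user: str, supplied: str) -> bool:
    """Login check: hash whatever was supplied and compare to the stored hash.

    compare_digest avoids leaking the position of the first mismatching
    character through timing differences.
    """
    stored = store.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(stored, hash_password(supplied))


# Constructed sample data (hypothetical user and password, not Siebel defaults).
SAMPLE_STORE = build_store({"jdoe": "Welcome1"})


def demo() -> dict:
    """Run the cases the text describes and return the outcome of each."""
    return {
        # Correct clear-text password: hashes to the stored value.
        "correct_password": verify_login(SAMPLE_STORE, "jdoe", "Welcome1"),
        # Wrong clear-text password (case differs): different digest.
        "wrong_password": verify_login(SAMPLE_STORE, "jdoe", "welcome1"),
        # Replaying the stored hash itself as if it were the password: the
        # login step hashes it again, so it no longer matches.
        "replayed_hash": verify_login(SAMPLE_STORE, "jdoe", SAMPLE_STORE["jdoe"]),
        # Unknown user: nothing stored to compare against.
        "unknown_user": verify_login(SAMPLE_STORE, "nobody", "Welcome1"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'login succeeds' if ok else 'login fails'}")
```

The "replayed_hash" case is the point made in the section: an attacker who obtains the stored hash (from network capture or from the directory) and submits it as the password gets it hashed a second time, so the comparison fails.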
For more information about configuring each type of password hashing, see Configuring User and Credentials Password Hashing.
Siebel Systems provides a password hashing utility called hashpwd.exe. The default hashing algorithm is RSA SHA-1. For example, using the default option rsasha1 for the hashpwd.exe utility,
Configuration parameters for all Siebel-provided security adapters, and for custom security adapters you implement, specify the password hashing settings in effect. For each security adapter, parameters specify whether password hashing should be used for user passwords and/or credentials passwords, and, if so, which hashing algorithm to use.
For existing customers, the Siebel proprietary hashing algorithm (the mangle algorithm, formerly available through the utility encrypt.exe) is still available as an option for the hashpwd.exe utility. This option, called siebelhash, can also be specified as the value for the applicable configuration parameter. These parameters include
For more information about parameters for password hashing, see Configuration Parameters Related to Authentication.
NOTE: For information about managing encrypted passwords in the eapps.cfg file, see Managing Encrypted Passwords in the eapps.cfg File. The password encryption mechanism described there is unrelated to the password hashing mechanism described in this section.
|Security Guide for Siebel Business Applications|