Security Guide for Siebel eBusiness Applications > Changing or Adding Passwords >

Managing Encrypted Passwords in the eapps.cfg File


Passwords stored in the eapps.cfg file are encrypted. Passwords are written to the file in encrypted form when you configure the SWSE. (Optionally, you can turn off encryption and use clear-text passwords in this file.)

Values for the AnonPassword parameter are subject to encryption, whether this parameter appears only in the [defaults] section or also in application-specific sections of the eapps.cfg file. The value for the WebUpdatePassword parameter (Web update protection key) is also encrypted.

For more information about the WebUpdatePassword parameter, see Adding a Password for Updating Web Server Static Files.

After you have initially configured SWSE, encryption behavior is subject to the status of the EncryptedPassword parameter. This parameter is added to the eapps.cfg file, with a value of TRUE, when you configure the SWSE.

The status of the EncryptedPassword parameter and the encryption status of the passwords themselves must match. That is, if the parameter is TRUE, then the password parameter values must be encrypted, and, if the parameter is FALSE, the passwords must not be encrypted.

NOTE:  If the EncryptedPassword parameter does not exist in the eapps.cfg file, the default behavior is the same as if EncryptedPassword = FALSE. It is strongly recommended to keep EncryptedPassword = TRUE in eapps.cfg.
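A check for the rule above, as an added example that is not part of the Siebel documentation or product: it reads eapps.cfg-style text and reports the password parameters that will be read as clear text because EncryptedPassword is missing or not TRUE. The INI-style syntax, the case-insensitive key matching and the sample values are assumptions made for illustration.

```python
import re

# Parameters the page names as subject to encryption (lowercase -> display name).
PASSWORD_PARAMS = {"anonpassword": "AnonPassword",
                   "webupdatepassword": "WebUpdatePassword"}

# Constructed sample, not a real eapps.cfg; every value is a placeholder.
SAMPLE_CFG = """\
[defaults]
AnonUserName = GUESTCST
AnonPassword = GUESTCST
WebUpdatePassword = changeme

[/callcenter_enu]
AnonUserName = GUESTCC
AnonPassword = example-clear-text
"""

def parse_cfg(text):
    """Return {section: {lowercased key: value}} (assumes INI-style syntax)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # assumed comment markers
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def audit(text):
    """List findings about how the password parameters will be interpreted."""
    sections = parse_cfg(text)
    # The page does not say which section holds the flag, so look in all of them.
    flags = [s["encryptedpassword"] for s in sections.values()
             if "encryptedpassword" in s]
    if flags and all(v.upper() == "TRUE" for v in flags):
        return []                            # values are expected to be encrypted
    findings = ["EncryptedPassword missing: treated as FALSE" if not flags
                else "EncryptedPassword is not TRUE"]
    for name, params in sections.items():
        for key in sorted(params.keys() & PASSWORD_PARAMS.keys()):
            findings.append(f"[{name}] {PASSWORD_PARAMS[key]} is read as clear text")
    return findings
```

When EncryptedPassword is TRUE the check returns nothing, because it cannot tell from the text alone whether a value really is encryptstring output.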

When an anonymous user password is used (during application login or anonymous browsing sessions), the encrypted password is decrypted and compared to the value stored for the database account (specified using the AnonUserName parameter).

The account and password are created using the standard Siebel database scripts, and must already exist in the Siebel Database when you configure the SWSE. If you change the password for this account after setting up your system, you must update the password stored in the eapps.cfg file.

For more information about parameters in the eapps.cfg file, see Parameters in the eapps.cfg File.

Encrypting Passwords Using the encryptstring Utility

Using the Siebel Enterprise configuration utility to change an anonymous user password, or the Web update protection key, automatically saves the password in encrypted form.

If, however, you need to manually add an encrypted value for the corresponding parameters in the eapps.cfg file (AnonPassword or WebUpdatePassword), use the encryptstring.exe utility to generate the encrypted value to provide as the parameter value.

NOTE:  If you want to use different database accounts for the anonymous user for different applications, you must manually update the eapps.cfg file.

The encryptstring utility is installed with both the Siebel Server and the SWSE. It is located in the SIEBSRVR_ROOT\bin and SWEAPP_ROOT\bin directories, where SIEBSRVR_ROOT is the Siebel Server installation directory, and SWEAPP_ROOT is the SWSE installation directory.

To generate as output an encrypted value for a password, enter the following command:

encryptstring clear_text_password

For example, if you want to store the encrypted version of GUESTCST, a password you might initially specify for the anonymous user account, you would enter:

encryptstring GUESTCST

The command output in this case may be something like fhYt8T9N4e8se4X3VavTjQXwAEqm. (The specific value that is output will change each time you use the encryptstring utility.)

CAUTION:  Although the anonymous user has limited privileges, it is generally recommended to use more secure passwords for production deployments of your Siebel applications. The section Changing Default Passwords describes changing passwords for database accounts and also for corresponding values in parameters stored on the Siebel Gateway Name Server. For anonymous user accounts, changing passwords involves changing passwords for database accounts and changing passwords in the eapps.cfg file, as described earlier in this section.
