| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2015 E24814-01 |
|
 Previous |
 Next |
View PDF |
| Siebel CRM Siebel Security Guide Siebel Innovation Pack 2015 E24814-01 |
|
Previous |
Next |
View PDF |
The RC2 algorithm encrypts passwords stored in the eapps.cfg file with a 56-bit encryption key. Passwords are written to the file in encrypted form when you configure the SWSE. (Optionally, you can turn off encryption and use clear-text passwords in this file.) Values for the following parameters are subject to encryption in the eapps.cfg file:
AnonPassword (whether this parameter appears only in the [defaults] section or also in the application-specific sections of the eapps.cfg file)
SiebEntSecToken (Siebel Enterprise security token)
TrustToken
For more information about the SiebEntSecToken parameter, see "Changing the Siebel Enterprise Security Token".
After you initially configure the SWSE, encryption behavior is subject to the status of the EncryptedPassword parameter. This parameter is added to the eapps.cfg file, with a value of TRUE, when you configure the SWSE.
The status of the EncryptedPassword parameter and the encryption status of the passwords themselves must match. That is, if the parameter is TRUE, then the password parameter values must be encrypted, and if the parameter is FALSE, then the passwords must not be encrypted.
|
Note: If the EncryptedPassword parameter does not exist in the eapps.cfg file, then the default behavior is the same as if EncryptedPassword is set to FALSE. It is recommended that you set the value of the EncryptedPassword parameter to TRUE. |
When an anonymous user password is used (during application login or anonymous browsing sessions), the encrypted password is decrypted and compared to the value stored for the database account (specified using the AnonUserName parameter).
The account and password are created using the standard Siebel database scripts, and must already exist in the Siebel database when you configure the SWSE. If you change the password for this account after setting up your system, then you must update the password stored in the eapps.cfg file. For information about updating encrypted passwords, see "Encrypting Passwords Using the encryptstring Utility".
