Converting Security

This EnterpriseOne Tools 9.1.3 enhancement improves the security of passwords stored in the database by replacing existing password encryption with one-way hash encryption. This conversion from the old encryption to the one-way hash encryption occurs in these instances:

• When a user login occurs AND the following setting is in the Enterprise Server jde.ini file:

  [SECURITY]

  ONTHEFLYMIGRATION=1

  During the user login, the security kernel checks whether the user record in the security table is stored using the old encryption. If it is stored using the old encryption, the kernel updates all user records in security tables to one-way hash encryption. Since this happens only once, the impact to the login process is minimal.

  Important: This setting is not available in Server Manager. An administrator must add this setting to the Enterprise Server jde.ini setting to enable one-way hash encryption for existing user passwords.

• When the administrator adds a user to EnterpriseOne.

  When the administrator adds a user record, a message is sent to the security kernel for processing. The security kernel encrypts the password using one-way hash encryption and inserts the user records in the security tables.

In summary, starting with EnterpriseOne Tools 9.1.3, new users added to EnterpriseOne will have their passwords encrypted with one-way hash. For existing users, EnterpriseOne will use one-way hash for password encryption only if you add the ONTHEFLYMIGRATION=1 setting to the Enterprise Server jde.ini file.