password encrypted

[tostay2003]

Hi,

We have been storing the password (& other information) required to access a database in a flat file.

Every time we needed to access the database, we are getting the information (password and others) from the file and passing on in the sequences.

Is there anyway that the password can be encrypted, i.e. not even datastage developers to see it.

Regards

[DSguru2B]

Well , run a job with encrypted password. Just from the director. Double click on the job and see all the values of the parameters. In there you will also see some meaningless martian word. Thats the encryption of your password. Copy paste that and save it in your parameter file.

[tostay2003]

Did u mean that in a job, i need to go job properties there i need to select Encrypted from (string, Encrypted etc...). I get all some stars. And this i need to paste it in the file from where i am taking password.

will it not be some * characters if i do this??


Regards

[DSguru2B]

No my friend. You dont need to paste the astrix.
Do this:
Change it from string to encrypted.
Run the job.
Go to Director
Double click on the job name
A small window will appear listing all the parameters and its values used for the last run.
Among the entries, you will find entry for your password. You will not see the true password, just some characters (not astrix only).
Copy paste that in your parameter file. Thats your encrypted password.

[tostay2003]

Is there a possibility of reading externally (not by datastage) encrypted password stored in a file, to the datastage paramater value

[sud]

Is there a possibility of reading externally (not by datastage) encrypted password stored in a file, to the datastage paramater value

Reading parameters from a file can always be done through a routine (you can find numerous posts on how to do that) but the problem here is if you are storing the password in encrypted form in the file there has to be a decryption algo in place before u can pass the password to the datastage job.

[DSguru2B]

Well, the solution i gave worked for me in my previous project at the same client where i currently am. I looked at the unix script, the parameter file, and the directors log. My solution works. The password will be stored in encrypted form and will be passed as is to the datastage job. Try it. You will be surprised

[kumar_s]

Or call IBM you will be given another additonal routine ExecSHSilent. Which wont display the password out to the log.
Or you can frame your own encryption logic to store a encrypted password in a file and which inturns can be read and passed to the job during runtime after decryption.

[tostay2003]

yes sorry i misled, its the decryption algorithm which is important.

But DSguru, a small doubt, as right now i am having the password ( not encrypted) in the flat file.

But passing it to the a job as parameter which is of type Encryption. So the password gets encrypted and the log will contain encrypted password. So far I am clear.

But If i copy and paste the encrypted password in the flat file, then will the datastage not encrypt the already encrypted password again causing some new password which will not be able to access the database. How come it works if we do it this way?

[tostay2003]

But If i copy and paste the encrypted password in the flat file, then will the datastage not encrypt the already encrypted password again causing some new password which will not be able to access the database. How come it works if we do it this way?

I mean lets say we have

pw
pw_encrypt1
pw_encrypt2

So earlier case pw_encrypt1 was displayed on log and pw was passed to database. But now, it will display pw_encrypt2 and passes pw_encrypt1 to database ( Which will not be able to access the db, as the right password is pw).

Do I make sense or is it happening quite differently than what i am telling.

[DSguru2B]

Just try this test.
Run the job through designer with password type set to encrypted so that you can get the encrypted password from the directors log.
Copy paste that into your parameter file.
Like say your password parameter is pw, so your parameter file should have
-param pw=1@#r%6*&
Where 1@#r%6*& is the encrypted password.
Now run your your via the unix script that reads this file. It will run.
I am currently doing the exact same thing.
And no it will not encrypt the already encrypted password.

[tostay2003]

Hi,

Thanks for the help. I am going to try it today (monday). Yesterday was sunday, wasnt able to try.

I am sure it will work when you have said it :D . But I dont seem to get the concept. I wanted to know how the work goes on by the datastage for this encryption stuff (like pw, pw_encrypt1, pw_encrypt2). Does Datastage recognises that the pw_encrypt1 is the encrypted code by itself? Why doesnt it consider it to be pw ?

I will try to search few documents. Not sure if i can get them though.

Regards

[kumar_s]

The way you define in you job property. If you assign the PW as string, you may need to pass on the just the plain test, if you marked it as encrypted, datastage expects a string which it would try to decrypt during the run time.

[DSguru2B]

Exactly. Thankyou Kumar.
This also helps protect nosey developers from going in and getting the true password. But if you try to pass the ecrypted password from Designer or director, it doesnt work. Isnt that cool

[tostay2003]

The way you define in you job property. If you assign the PW as string, you may need to pass on the just the plain test, if you marked it as encrypted, datastage expects a string which it would try to decrypt during the run time.

The reason why I am confused here is that my present design (done by earlier developer) has Encrypt in job property and the value passed to it from the flat file is the un-encrypted password. Still the design works!!!!!