DSXchange

removed

Presumably this utility does not work with passwords encrypted strongly using the encrypt.sh (encrypt.bat) utility?

Easiest way to "recover" a password is to stick a basic routine / before call to write the password parameter to the log file. (i.e. no special job / tool required).

DS has to decrypt it for passing to external stages, so it is only secure before run / passing to DS and not while running. Which is to be expected.

just curious, whether this is an IBM supported utility or unauthorized one?

There's nothing "supported" about it.

In fact it almost certainly breaches the licence conditions of the author's Information Server installation (the part about reverse engineering).

I make that statement with no knowledge whatsoever of the tool.

removed

That will be interesting to see. AES-128 encryption should be impossible to break in a reasonable amount of time using the kind of hardware that most Information Server sites use.

Looks like this tool is useful for some users. Re-posting the link.

Cranie wrote:Easiest way to "recover" a password is to stick a basic routine / before call to write the password parameter to the log file. (i.e. no special job / tool required).

This, indeed, is a serious security threat within DataStage and has been adressed at IBM a number of times already. It should not be possible to print encrypted - or rather decrypted - variables to the log. And it should not be too difficult to disallow this by changing the way DataStage-Basic handles variables of this type, especially in functions like DSLogInfo.

FYI : This security 'hole' has been fixed in Datastage 8.7 .
You can no longer echo encrypted passwords to the job log using a Before after job subroutine that calls the password-storing Job Parameter/Env Variable.

Im not sure if the 'utility' mentioned is of much use with 8.7 and above. LOL