Jump to content
JasperReports Library 7.0 is now available ×

How are users' password protected in Jasper Server?


laggybuggy
Go to solution Solved by laggybuggy,

Recommended Posts

  • Replies 5
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

To enable encryption, check section 5. Password encryption in the JasperReports Server installation manual

https://community.jaspersoft.com/documentation/tibco-jasperreports-server-installation-guide/v71/installing-war-file-using-js-insta-0

 

The default_master.properties file has a property setting to enable encryption of passwords that reside on the file system. This applies to all files found under the buildomatic folder, as well as the connection pooling file used by Apache Tomcat (context.xml). Currently, password encryption for connection pooling supports only the Tomcat application server.

To enable encryption on the file system, uncomment the encrypt property so it looks like this:

encrypt=true

Link to comment
Share on other sites

Thanks for your responses @elizam and @hozawa. But what I mean is something like the below.

In version 3.7, the password of a user can easily be retrieved in the Users module using Developer Tools in Chrome as seen below.

Unencrypted Password

In version 6.4.3, this is no longer available.

User password no longer shown

Also, if you check the DB entries for the users, the password stored there is encrypted as well. I'd like to know the encryption mechanism.

Link to comment
Share on other sites

Not sure if this is what you're asking for but if you look at default_master.properties file, there's something like the following line. This is the default.

# encrypt=true
# build.key.algo=AES
# build.key.size=128
# enc.transformation=AES/CBC/PKCS5Padding
# enc.block.size=16
# propsToEncrypt=dbPassword

JasperReports Server is using Spring Security. Have you checked the following manual?

https://community.jaspersoft.com/documentation/tibco-jasperreports-server-security-guide/v71/introduction

Link to comment
Share on other sites

  • Solution

Thanks @hozawa for getting back with me. The one you sent is used to encrypt passwords in configuration files.

I used your reference, though, to check for v6.4.X series and it lead me to this article: https://community.jaspersoft.com/documentation/tibco-jasperreports-server-security-guide/v640/encrypting-user-passwords. There's a part there for cipher transformation. It is the one used to encrypt user passwords in the DB.

Thanks a lot!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...