laggybuggy Posted August 22, 2018 Share Posted August 22, 2018 We installed a new version of Jasper Server Community Edition (v64.3) coming from an obsolete version (v3.7). We noticed that the password of users have already been obscured. I want to know what mechanism were used from password protection? What type of encryption? Link to comment Share on other sites More sharing options...
elizam Posted August 22, 2018 Share Posted August 22, 2018 Password encryption is described in the Security Guide: https://community.jaspersoft.com/documentation/tibco-jasperreports-server-security-guide/v71/encrypting-passwords-configuration-files Link to comment Share on other sites More sharing options...
hozawa Posted August 22, 2018 Share Posted August 22, 2018 To enable encryption, check section 5. Password encryption in the JasperReports Server installation manualhttps://community.jaspersoft.com/documentation/tibco-jasperreports-server-installation-guide/v71/installing-war-file-using-js-insta-0 The default_master.properties file has a property setting to enable encryption of passwords that reside on the file system. This applies to all files found under the buildomatic folder, as well as the connection pooling file used by Apache Tomcat (context.xml). Currently, password encryption for connection pooling supports only the Tomcat application server.To enable encryption on the file system, uncomment the encrypt property so it looks like this:encrypt=true Link to comment Share on other sites More sharing options...
laggybuggy Posted August 23, 2018 Author Share Posted August 23, 2018 Thanks for your responses @elizam and @hozawa. But what I mean is something like the below.In version 3.7, the password of a user can easily be retrieved in the Users module using Developer Tools in Chrome as seen below.In version 6.4.3, this is no longer available.Also, if you check the DB entries for the users, the password stored there is encrypted as well. I'd like to know the encryption mechanism. Link to comment Share on other sites More sharing options...
hozawa Posted August 24, 2018 Share Posted August 24, 2018 Not sure if this is what you're asking for but if you look at default_master.properties file, there's something like the following line. This is the default.# encrypt=true# build.key.algo=AES# build.key.size=128# enc.transformation=AES/CBC/PKCS5Padding# enc.block.size=16# propsToEncrypt=dbPasswordJasperReports Server is using Spring Security. Have you checked the following manual?https://community.jaspersoft.com/documentation/tibco-jasperreports-server-security-guide/v71/introduction Link to comment Share on other sites More sharing options...
Solution laggybuggy Posted August 24, 2018 Author Solution Share Posted August 24, 2018 Thanks @hozawa for getting back with me. The one you sent is used to encrypt passwords in configuration files.I used your reference, though, to check for v6.4.X series and it lead me to this article: https://community.jaspersoft.com/documentation/tibco-jasperreports-server-security-guide/v640/encrypting-user-passwords. There's a part there for cipher transformation. It is the one used to encrypt user passwords in the DB.Thanks a lot! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now