Topic: Password encryption.

pankaj.puranik

  • Guest
Password encryption.
« on: December 03, 2012, 09:45:00 AM »
Hi

When we use CMOD with DB2, the configuration file does not have a password specified.
Whereas if we use CMOD with ORACLE, the config file has the password in it.
Why is this so?

Is there a way to encrypt this password and have a decryption mechanism?
Having the password clearly written in the cfg file poses a security threat and is not acceptable.

Anyone have any suggestions?

Thanks
Pankaj.

kbsiva

  • Guest
Re: Password encryption.
« Reply #1 on: December 03, 2012, 07:18:27 PM »
Hello Pankaj,
  I am not sure if there is any CMOD utility. I have custom code that can encrypt and decrypt the password. Looks like in version 9 this is being handled; there is an arsstash command. We have not upgraded to version 9 yet, but this should help take away this extra step.

http://www-01.ibm.com/support/docview.wss?uid=swg21608635

Thanks
Siva

pankaj.puranik

  • Guest
Re: Password encryption.
« Reply #2 on: December 03, 2012, 11:04:22 PM »
Thanks Siva. I was unaware of this information.
But I still have one question to everyone.

In case of CMOD with DB2, how is the password supplied to DB2 because we do not specify any password in the cfg file.
In case of CMOD with ORACLE, it is specified in the cfg file.

pankaj.puranik

  • Guest
Re: Password encryption.
« Reply #3 on: December 04, 2012, 02:21:50 AM »
This seems to be the reason.
When we install CMOD with DB2, we do the database and CMOD installations with the same user ID.
Since CMOD and DB2 are both IBM products, DB2 probably does the validation internally, as the user ID that CMOD comes in with is also a privileged user in DB2.
In case of ORACLE, the database security does not allow CMOD to get in without a password, as ORACLE is a non-IBM product.

Justin Derrick

  • IBM Content Manager OnDemand Consultant
  • Administrator
Re: Password encryption.
« Reply #4 on: December 04, 2012, 04:56:02 AM »
In DB2, the fact that you're logged in as a particular user on the local machine is authentication to talk to the database (it doesn't hurt that you're likely in the SYSADM group either). It's been years since I worked with Oracle, but I suspect it doesn't have this authentication method, or it's not enabled by default.

This page is from DB2 v8, but I think most of it is still true:

http://publib.boulder.ibm.com/infocenter/db2luw/v8/index.jsp?topic=/com.ibm.db2.udb.doc/admin/c0005435.htm

Alessandro Perucchi

  • Global Moderator
Re: Password encryption.
« Reply #5 on: December 04, 2012, 08:55:55 AM »
Hello Pankaj,

Well you need to be aware that the user management of DB2 and Oracle are quite different.

In DB2, the users are defined in the OS (Unix or Windows), and by default, if you are the instance owner of your database, then you are "automatically" authorised in the database. That's why the CMOD installation guide wants you to install CMOD with the instance owner; that way you are "directly" connected with the database.
-> No password needed.

In Oracle, you need to define an internal user in Oracle, so it means you need to know the password of this internal user in order to connect to the database. With that idea, you must provide the user/password somewhere.
In CMOD 7.X and 8.X you will write it in clear text in the ars.cfg file.
With CMOD 9.X you can finally save the Oracle password in an encrypted stash file.

Now with Oracle, there is a way that you don't need a password, and if you are an OS user (Unix or Windows), then you'll be "automagically" connected to the database (like a sqlplus / ). Does it work with OnDemand? Well I've tried it... maybe, maybe not.

Sincerely yours,
Alessandro