For audit and security purposes, always store sensitive
information, such as passwords, in an encrypted format.
About this task
There are other database-related scripts, for example:
If the argument is not passed, you are prompted for the database
password. If the encrypt_password parameter is set
to no or is not set at all, you can run the scripts
without the dbpassword argument. Depending on the
value of the encrypt_password parameter, the db.xml file
stores either the plain text password or encrypted password.
Procedure
- Add the
encrypt_password parameter to
the [db] section of the env_settings.ini file.
- Set the
encrypt_password parameter to yes if
you want the password to be encrypted. Note: If you do
not want to encrypt the password, keep the password parameter, as
is, in the [db] section.
- Run the
bin/configureEnv.sh -dbpassword=<database
password> command. You are prompted to enter the password if
it is not given as an argument. For example, if the --overwrite option
is not used, a warning displays asking that you to run the script
with the dbpassword argument. If the encrypt_password parameter
in the env_settings.ini file is not set or set
to no, the dbpassword argument is
not required for the configureEnv.sh script.
- Confirm that the script created the db.xml file
in the $TOP/etc/default directory.
This
step is important because:
- It is the only place from where the Java™ code
can read the encrypted password or plain text password
- The decrypted password can be used in a JDBC connection.
- Whenever any of the database-related properties in the
[db] section
of the env_settings.ini file are changed, run
the bin/configureEnv.sh -dbpassword=<database password> command
to re-create the db.xml file. You are prompted
to enter the password if its not given as an argument. In this case,
if the encrypt_password parameter in the env_settings.ini is
not set or set to no, the dbpassword argument
is not required for the configureEnv.sh script.
- Confirm that the script created the db.xml file
in the $TOP/etc/default directory.
This
step is important because:
- It is the only place from where the Java code
can read the encrypted password or plain text password
- The decrypted password can be used in a JDBC connection.
- With this change, if you create IBM® Product Master schema, start
create_schema.
For example:
bin/db/create_schema.sh -dbpassword=<database password>
You
are prompted to enter the password if its not given as an argument.
If the
encrypt_password parameter in the
env_settings.ini file
is not set or is set to
no, the
dbpassword argument
is not required for the scripts.
- Run the
bin/test_db.sh -dbpassword=<database password> command. You
are prompted to enter the password if its not given as an argument. If the
encrypt_password parameter in the env_settings.ini file is
not set or is set to no, the dbpassword argument is not required
for the scripts.
- encrypt_password
- If you choose to encrypt the database password, add the encrypt_password
parameter to the
[db] section of the env_settings.ini file, and
set it to yes. Remove the password parameter from the
[db] section of the env_settings.ini file. This ensures that the
database password is not present anywhere in the text format. It is present only in the encrypted
format in the db.xml file. If you choose to leave the database password in plain
format, add the encrypt_password parameter to the [db] section
of the env_settings.ini file, and set it to no. Keep the
password parameter in the [db] section of the
env_settings.ini file as in earlier versions of Product Master.Remove the following properties from the
common.properties file:
db_userNamedb_passworddb_urldb_class_name