System Password Encryption Options
The PTC Solution Installer (PSI) encrypts an initial set of system passwords that would otherwise be stored in plain text in installed files. A majority of the passwords are stored in Windchill and Info*Engine files. Additional passwords can be stored in files managed by third-party products. The following sections provide details on how to encrypt system passwords and details on the encryption mechanism itself.
Encrypting passwords that had previously been stored in plain text improves the password security of your Windchill solution. However, if you had previously used a text editor to view and change the passwords, you must change your process for managing the passwords. With encrypted passwords, you cannot examine the contents of Windchill files to determine password values. Instead, when passwords are set, your site process should include having a secure place outside of your Windchill directories for recording the passwords.
Since passwords are encrypted, ensure that there is a process established at your site to safely record the passwords set during the installation and to record those passwords set when managing Windchill. By implementing this process, system passwords are available to those who need them, but are not available to anyone else.
|
Windchill and the optional products that work with Windchill often create backups of files that are being modified before the modifications take place. The processes described in this topic only encrypt passwords that are stored in the latest version of affected files and do not encrypt passwords in any backup files that are present.
To ensure that there are no plain-text passwords in any files, you must remove all backups of files containing plain-text passwords. This includes removing the backup files created as part of the encryption process. For example, consider removing backups of the files that have plain-text passwords that are mentioned in the sections that follow (such as agent.ini and auth.properties).
Since system passwords are encrypted during installation, you do not need to the remove backup files for the site.xconf file or for property files with passwords that you may have backed up (such as wt.properties, db.properties, ie.properties, and esi.properties).
|