Differences

This shows you the differences between two versions of the page.

--- en:software:tim:encryption_tim [2018/06/25 13:59]
Philipp Deycke [E-Mail Configuration]
+++ en:software:tim:encryption_tim [2018/06/25 14:00]
Philipp Deycke [E-Mail Configuration]
@@ Line 1: / Line 1: @@
+\\
+\\
+\\
+\\
+==== Jboss encryption module and web frontend for TIM===
+------
+TIM encoder uses a Jboss module for encryption and to validate keys. The encryption is used e.g. for database connections and third-party applications within the configuration files in order to hide sensitive information like usernames and passwords from plain sight.
+To use this module the following steps need to be done:
+  - Add the encoder.war of the TIM Encryption Webarchive
+  - Modiy the standalone-tim.xml
+  - Generating a java key with web-interface or console
+  - Use encryption with TIM
+\\
+==== Add the encoder.war of the TIM Encryption Webarchive ====
+----
+To enable TIM to encrypt usernames and passwords and to use those encrypted values insert the encoder.war to the standalone\deployments folder in your %JBOSS_HOME% e.g. C:\tim\jboss-eap-7.1\standalone\deployments. Upon JBoss startup it will deploy automatically.
+\\
+==== Modify the standalone-tim.xml ====
+----
+{{ :en:software:tim:encryption_datascource.png?800|}}
+Changes in the //standalone.xml// are made accordingly. In your //subsystem datasource// below your database
+implemet:
+<code>
+<security>
+	<security-domain>secDomDS</security-domain>
+</security>
+</code>
+as can be seen in the first screenshot.
+In the //subsystem security// add:
+<code>
+<security-domain name="secDomDS" cache-type="default">
+	<authentication>
+	<login-module code="org.picketbox.datasource.security.TimSecureIdentityLoginModule" flag="required">
+		<module-option name="username" value="$enc$c5507593f47122e"/>
+		<module-option name="password" value="$enc$-3c3702fd5f714bd0045dcdcdd12584c8"/>
+	</login-module>
+	</authentication>
+</security-domain>
+</code>
+as can be seen in the screenshot below.
+\\
+\\
+{{:en:software:tim:encryption_securitydomain.png?600|}}
+\\
+\\
+==== Generating a java key with web-interface or console====
+-----
+There are two ways to encrypt your credentials. Either with the web-interface or with via the console.
+The module can be called via the web-interface e.g. http://your_tim_url:port/encoder/ . In oder to encrypt a secret insert use the text field and hit the //encrypt secret// button. To validate a encrypted secret past the secret in the correct text field and hit the //validate encrypted secret// button. This method can as well be used to encrypt any secret in e.g tim.properties or dashboard.properties.
+{{:en:software:tim:encryption_encoder.png?600 |}}{{ :en:software:tim:encryption_encoder2.png?600 |}}
+To encode your credentials via console use the following commands:
+\\
+\\
+to generate a key:
+<code>
+java -cp modules/system/layers/base/org/picketbox/main/tim-encoder-module.jar:modules/system/layers/base/org/picketbox/main/picketbox-4.1.1.Final-redhat-1.jar org.picketbox.datasource.security.TimSecureIdentityLoginModule '123'
+</code>
+\\
+to validate password-key combination:
+<code>
+java -cp modules/system/layers/base/org/picketbox/main/tim-encoder-module.jar:modules/system/layers/base/org/picketbox/main/picketbox-4.1.1.Final-redhat-1.jar org.picketbox.datasource.security.TimSecureIdentityLoginModule '123' '$enc$b530c41fe274111'
+</code>
+\\
+to validate the key:
+<code>
+java -cp modules/system/layers/base/org/picketbox/main/tim-encoder-module.jar:modules/system/layers/base/org/picketbox/main/picketbox-4.1.1.Final-redhat-1.jar org.picketbox.datasource.security.TimSecureIdentityLoginModule '' '$enc$b530c41fe274111'
+</code>
+\\
+====TIM Properties====
+-----
+In //tim.properties// credentials can be encrpyted with the encoder or the console and replace plain text usernames and passwords. As an example the image shows setting and editing the superuser and client-administrator passwords: \\
+{{:en:software:tim:encryption_timproperties.png?400|}}
+\\
+====E-Mail Configuration====
+-----
+In the properties of the client unter the category //mail server// are the paramters //SmtpUser// and //SmtpPassword//.\\
+ These credentials can be encrypted accordingly to the methods above and as shown in the example. {{ :en:software:tim:encryption_mailserver.png?600 |}}
+\\
+====Actionhandler====
+-----
+Actionhandler like HTTPRequestHandler or RunSqlScriptHandler use credentials that can be encrypted by said methods. The example shows the RunSqlScriptHandler where ${user} and ${pass} are passed on encrypted via smartform:
+{{:en:software:tim:encryption_runsqlscripthandler2.png?600 |}}{{ :en:software:tim:encryption_runsqlscripthandler.png?1000 |}}
+\\
+\\
+\\
+====Timer====
+-----
+Just like //actionhandler// TIM can encrypt nessesary credentials for //timer// as well and hide them from plain text. The example shows the Timer signalByMailReply:
+{{ :en:software:tim:encryption_signal.png |}}
+\\

iGrafx Automation Wiki

User Tools

Site Tools

Differences

Page Tools