From ICM 188.8.131.52 the Managed Services Framework is able to encrypt passwords stored in the database. This guide provides information on how to migrate existing services.
Configure the desired service configuration parameter so that it can be encrypted. This can be done in the configdef folder of your service using the type
<parameter name="YourService.password" type="Password" position="60"> <labelKey>serviceparam.yourservice_password</labelKey> <descriptionKey>serviceparam.param.desc.yourservice_password</descriptionKey> </parameter>
This step enables the Managed Services Framework to encrypt the related parameter when storing new values in the back office. For encryption the current default encryption algorithm is used. Be careful to keep the encryption algorithm in your encryption.properties file, otherwise it will not be possible to decrypt the parameter value again.
For your service implementation, make sure that you use the Configuration Framework to access your service parameters. Do not access the parameters by using the
ServiceConfigurationPO object directly!
It is also possible to encrypt passwords during the DBPrepare process using the
ServiceConfigurationParameterPreparer. All parameters of type
Password are encrypted and stored in the database.
ServiceConfiguration.1.Parameter.1.Name=YourService.password ServiceConfiguration.1.Parameter.1.Value=yourPassword ServiceConfiguration.1.Parameter.1.Type=Password
The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.