How to Configure MFT Server to Hold Trading Partner Credentials in Encrypted Storage
Posted by John Villanueva on 10 July 2017 07:30 PM

To prevent malicious individuals from acquiring JSCAPE MFT Server admin credentials (e.g. passwords), these credentials are hashed using salted SHA1, and only the resulting hashes are stored in the JSCAPE MFT Server global datastore database.

However, trading partner credentials (including passwords), and even entire trading partner configuration details, are stored as an unencrypted JSON blob in the default H2 database file. This leaves those credentials exposed to malicious individuals who manage to penetrate the server and the database.

To address this security issue, you can use an encrypted database as your JSCAPE MFT Server global datastore. In fact, H2 DBMS (JSCAPE MFT Server's default database) supports whole DB file encryption. You can refer to this documentation page for details regarding H2 database encryption:

http://www.h2database.com/html/features.html#file_encryption
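The effect of H2 file encryption on a stored JSON blob, as an added example (not JSCAPE's code or configuration). It assumes the H2 jar is on the classpath; the class name, table, temporary directories and passwords are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.sql.*;

public class H2EncryptionCheck {
    // Constructed sample value standing in for a trading partner password.
    static final String MARKER = "constructed-partner-secret";

    // Create a database, store a JSON blob containing MARKER, then close it.
    static void populate(String url, String password) throws SQLException {
        try (Connection c = DriverManager.getConnection(url, "sa", password);
             Statement s = c.createStatement()) {
            s.execute("CREATE TABLE partner(id INT PRIMARY KEY, config VARCHAR(1000))");
            try (PreparedStatement p = c.prepareStatement("INSERT INTO partner VALUES (1, ?)")) {
                p.setString(1, "{\"password\":\"" + MARKER + "\"}");
                p.executeUpdate();
            }
        }
    }

    // True if any file in dir contains MARKER as readable bytes.
    static boolean markerOnDisk(Path dir) throws Exception {
        try (DirectoryStream<Path> files = Files.newDirectoryStream(dir)) {
            for (Path f : files) {
                String raw = new String(Files.readAllBytes(f), StandardCharsets.ISO_8859_1);
                if (raw.contains(MARKER)) return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        Path plainDir = Files.createTempDirectory("h2plain");
        Path encDir = Files.createTempDirectory("h2enc");
        String encUrl = "jdbc:h2:" + encDir.resolve("demo") + ";CIPHER=AES";
        populate("jdbc:h2:" + plainDir.resolve("demo"), "userPwd");
        // With CIPHER set, H2 expects "<file password> <user password>".
        populate(encUrl, "filePwd userPwd");
        System.out.println("plain file exposes marker:     " + markerOnDisk(plainDir));
        System.out.println("encrypted file exposes marker: " + markerOnDisk(encDir));
        try (Connection c = DriverManager.getConnection(encUrl, "sa", "wrongPwd userPwd")) {
            System.out.println("opened with wrong file password");
        } catch (SQLException e) {
            System.out.println("wrong file password rejected: " + e.getMessage());
        }
    }
}
```

The same byte scan can be pointed at a copy of a real datastore file, using a known test credential as the marker, to confirm that encryption is actually in effect after reconfiguration.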

Alternatively, you can also use other RDBMS products that support encryption.

In addition, the URL and corresponding credentials that MFT Server uses to access its database are encrypted while stored in the etc/database.properties file. So, while anyone with access to the file can see the JDBC URL, they would still be unable to make use of it unless they already know the database password and, if the H2 database has been encrypted, the database file encryption password.

 
