4 Replies Latest reply on Jan 30, 2013 3:23 AM by Curt Wilson

    FDM script password encryption

    933761
      I am currently on Hyperion 11.1.2.1 which runs on Windows 2008 Server SP1 and use Oracle Database 10 G as backend.

      Currently i have a script within FDM application which pulls data from database and loads into worktable of the FDM application.
      It all works fine and does the job as expected.

      But the only problem with this script is the passwords are in a readable format which is specified in the connection parameters as below

      Code Snippet :

      Dim connectionString

      '* Create the connection
      Dim connection: Set connection = CreateObject("ADODB.Connection")
      Dim rows: Set rows = CreateObject("ADODB.Recordset")
      connectionString = "Provider=msdaora;Data Source=TestRdbms;User Id=Testuser;Password=password567;"


      '* Open connection
      Connection.Open connectionString


      Is there a way to ensure that password is encrypted or not read by users/admin. ?
      Please give your suggestions on this .
        • 1. Re: FDM script password encryption
          SH_INT
          Couple of options here:

          1) Use a udl instead of hard coding the connection string into the script.
          2) If you are using unified logon you can hijack the global user security settings to paramaterize your connection string. In the integration settings for the adpater enter the name of the user and password against the place holders for global user and password. The globaluser password is not shown to the end user via this method and these integration options can be refrenced in your integration script
          1 person found this helpful
          • 2. Re: FDM script password encryption
            933761
            SH,
            Can you give me more information on how we can call UDL file from within the script ?

            FOr the second option : The username which is being used in the connection string is schema user name.How can we reference this ?
            • 3. Re: FDM script password encryption
              SH_INT
              To use the udl from within your script simply replace your line

              connectionString = "Provider=msdaora;Data Source=TestRdbms;User Id=Testuser;Password=password567;"

              with

              connectionString = "File Name=C:\Path\To\Your\SourceDB.UDL;"
              • 4. Re: FDM script password encryption
                Curt Wilson
                Another option would be to store the password in a file that the user does not have access to. Set the permissions on the file so only the service account that FDM runs under and your admin team can have access to read/change it.

                You can go a step further by encrypting that file if you take the time to find an acceptable encryption/decryption routine. If you do a search on "vbscript encryption function" you can find some examples that can be pasted into a custom script. They are not the best encryption routines, but if you limit access to the actual file, it should reduce your exposure.

                Hope that helps,
                Curt
                1 person found this helpful