Hello to all.
As we all know, config file of the project is very important and necessary file.
Also there is a lot of security info inside, like DbUser and DbPass.
Is there any way to secure config file (maybe encrypt it correctly)?
Thanks!
Encrypt config file.
- leoknipp
- Posts:2928
- Joined: Tue Aug 24, 2010 7:28 pm
Re: Encrypt config file.
It is not possible to encrypt the config file.
When you have configured the username and password for the DB connection using the RDB configuration panels you can remove the entries from the config file as far as I know.
Best Regards
Leopold Knipp
Senior Support Specialist
When you have configured the username and password for the DB connection using the RDB configuration panels you can remove the entries from the config file as far as I know.
Best Regards
Leopold Knipp
Senior Support Specialist
- NFedorenko
- Posts:45
- Joined: Wed Jun 15, 2016 5:41 pm
Re: Encrypt config file.
Great, but that is not a solution, because dpPass and dbUser is just one of examples.
Maybe in future config file will be encrypted?
I guess this function will be very useful while information security specialist will be checking system configuration.
Maybe in future config file will be encrypted?
I guess this function will be very useful while information security specialist will be checking system configuration.
- nmnogueira
- Posts:125
- Joined: Thu May 05, 2011 12:59 pm
Re: Encrypt config file.
Just a note regarding DbUser and DbPass: it seems that they are only saved for certain passwords.
With my particular password I have to keep those entries in the config file, as the system cannot save them. I have no idea why...
With my particular password I have to keep those entries in the config file, as the system cannot save them. I have no idea why...
- leoknipp
- Posts:2928
- Joined: Tue Aug 24, 2010 7:28 pm
Re: Encrypt config file.
Which are the other examples for information which is written in plain text to the config file?
The project user and password shall not be written to the config file. If it is defined in the file you get a warning when starting a process.
I got the information from our security that there is no need to encrypt the file. By permission rules in the operating system you have to protect the file from unauthorized write access (see WinCC OA Security Guideline).
Best Regards
Leopold Knipp
Senior Support Specialist
The project user and password shall not be written to the config file. If it is defined in the file you get a warning when starting a process.
I got the information from our security that there is no need to encrypt the file. By permission rules in the operating system you have to protect the file from unauthorized write access (see WinCC OA Security Guideline).
Best Regards
Leopold Knipp
Senior Support Specialist
- kilianvp
- Posts:443
- Joined: Fri Jan 16, 2015 10:29 am
Re: Encrypt config file.
use cryptAES/decryptAES and store the key in a crypted ctl