Exago Logo
Search
Generic filters
Exact matches only

Admin Console Password Encryption

Beginning with v2017.3, the Admin Console password is now encrypted by default when entered into the Admin Console or when set through an API call. This is done to increase the security of credential storage by preventing plain text passwords from being saved to disk in the unencrypted version of the configuration file.

Caution

If updating from an older version, existing passwords will not be encrypted automatically.

There are two ways to set an encrypted Admin Console password: Using the Admin Console or the API.

Using the Admin Console

  1. Browse to the Admin Console
  2. Navigate to TreeGeneral.png General > TreeGeneralNode.png Other Settings.
  3. Enter the desired password into the Password and Confirm Password fields
    pass.png
  4. Click Apply or Okay

To verify that the configuration contains the encrypted password, open the XML config file in a text or XML editor and locate the <password> node.

enc_pw.png

The value should be an encrypted string surrounded by brackets [ ].

Using the API

To add an encrypted password to a programmatically generated config file:

 api.General.Password = api.General.EncryptPassword("mypassword");
 api.SaveConfigToFile(); // Save the configuration file to disk

For versions pre-2019.2:

api.General.Password = api.General.EncryptPassword("mypassword");
api.SaveData(); // Save the configuration file to disk

To verify whether two passwords match:

bool IsMatch = api.General.CheckPassword("mypassword", api.General.Password);

To verify if an existing password is encrypted:

bool IsEncrypted = api.General.IsHashedPassword(api.General.Password);

Additional information

Password encryption is one-way. An encrypted password cannot be decrypted into plain text.

The encryption algorithm used is SHA-256. Passwords are salted.

Important

We still recommend that the plain text config file (e.g. WebReports.xml) is removed in favor of the encrypted config file (e.g. WebReports.xml.enc) in a production environment. See Security Checklist for more information.

Was this article helpful?
0 out of 5 stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.
Table of Contents