Encrypting Paths and Other Sensitive Data Using PathScrambler

Use the Pathscrambler to encrypt logon strings and other sensitive information in assignment files, servlet settings, the open ProcScript command, and the /log (login) command line switch.

pathscrambler.exe is a command-line utility that uses switches to control its input and the actions it performs.

Note: As of Uniface 9.7.05.035, the Pathscrambler appends a digest to any assignment file line or string in which it has encrypted delimited text. This has consequences if you need to change or add something to an existing assignment file or connection string. For more information, see Pathscrambler Compatibility Issues.

Encrypt Sensitive Information in an Assignment File

  1. Edit the assignment file, marking strings for encryption using the encryption delimiters (( and )). For example:
    ; ASN file myapp.asn
    [DRIVER_SETTINGS]
    MQL     U4.0
    DB2     U4.0
    
    [PATHS]
    $DB       MQL:database|((username))|((password))
    $REM_DB   TCP:((machine1+port|user|passwd)) + DB2:((database.schema|db2user|db2passwd))
    
    [LOGICALS] 
    main = ((prettycat))
  2. Run the pathscrambler executable and specify the assignment file. For example:

    pathscrambler -infile D:uniface\projects\myapp.asn

    Pathscrambler creates a file called FileName.asn.enc in which the designated strings are encrypted and encoded. The encryption delimiters are replaced by decryption delimiters (! and !), and a digest (within double parentheses) is added to each line that contains encryption. For example:

    ; ASN file myapp.asn
    [DRIVER_SETTINGS]
    MQL     U4.0
    DB2     U4.0
    
    [PATHS]
    $DB       MQL:database|(!AmTJX5RGQOFPF3ID4/4nk1jljMnEf9bIoKILbIjpoxBH!)|(!AkCiDZD4OCQBfbxPoGl3vrrPa+47cjvBQrzHEo1SBGzE!)((AlHCQrTMLE519Ps+GVOwKFk=))
    $REM_DB   TCP:(!ApQliwT8Fr7JG6vmf1oI0uu3pgLOA8aVAkoyg0r6AkFMpj2XHAM+0vwxrGhk76PEHA==!) + DB2:(!Ah45YjyJAyww0P9MqQSj0FdlwsYLqF2oO6OK87MMyAmsDjOFKt3gSzqH1CDIZdP6hr7XF+JyGaBDoyXc82El/TM=!)((AndXmGBQiBFWibEln2dmea0=))
    
    [LOGICALS] 
    main = (!AiE9YxNVF0Plgc5BjDVDRjwhK20iXRZ2vwzz8GElMeSc!)((AtsFiW3p8cEzJcjfEjz9vms=))
  3. Rename the encrypted file produced by Pathscrambler, or copy the lines containing the encrypted definitions into an assignment file.

    Tip: Make sure that you keep an unencrypted copy of the original assignment file or string. You can modify any line that contains no encryption. However, if you need to change or add something to an encrypted line, you must edit the original file and then re-encrypt it.

Encrypt a String for Use in ProcScript or Login

You can encrypt a connection string for use in the open ProcScript command or the /log (login) command line switch.

  1. Run pathscrambler with the -instr switch and specify the entire LogonParameters string within encryption markers (( and )) to designate the data to be encrypted.

    For an open statement string, no driver should be specified, because that must be specified in the assignment file:

    pathscrambler -instr "((db_name|db_user|db_password))"

    For the /log command line switch, the string should start with a path that is specified in the assignment file, such as $DB_PATH. For example:

    pathscrambler -instr "(($db_path:db_name|db_user|db_password))"
  2. Copy the resulting encrypted string, including the digest, to your open or /log command. For example:

    open (!AkROgF78qqhLj/clYeV8NoT8WjDdWwt+ZDbR50NjJgsWtv56hO//FiA3wqbrtstwyg==!)((Aq5MXaYqxZDlGmC/krzUYJk=)) 
    uniface /log=(!AtUPHT/1qI1TnnmNZZuN6B088IfGIvuVNJOTC89GEhytblWkqpF7GUOMQMbZlMK1UIKDleCuJFleOUiaohaKPKk=!)((An56FIHyHtn1pqemn2T6/M4=))

Encode a WRD Setting for Connecting to Web Server

The MIDDLEWARE setting in the web.xml file specifies a connection string for the Uniface Web Application Server.

To encode it:

  1. Locate the MIDDLEWARE setting in the web.xml file. For example:
    <init-param>
    <param-name>MIDDLEWARE</param-name>
    <param-value>UV8:host.domain.com+13001|userver|userver|webasv</param-value>
    </init-param>
    
  2. Copy the substring after the string UV8:, in this case host.domain.com+13001|userver|userver|webasv.
  3. Run pathscrambler from the command line, using the -path switch plus the pasted string within double quotes, and direct it to an output file:
    pathscrambler.exe -path "host.domain.com+13001|userver|userver|webasv" >output.txt
  4. Copy the scrambled data from the text file, for example:
    (eC=~`G1of65leS0q]6=pO~A~I@EsbLR~^\N6^\N<`\Jhgj^hgj|7^SNlg7]9)
  5. Insert a CDATA section, which starts with '<![CDATA[' and ends with ']]>', in the web.xml file.
  6. Paste the scrambled path into the MIDDLEWARE setting:
    <param-value>
    <![CDATA[UV8:(eC=~`G1of65leS0q]6=pO~A~I@EsbLR~^\N6^\N<`\Jhgj^hgj|7^SNlg7]9)]]>
    </param-value>
    

Encode Paths in an Assignment File

Note: If you have security concerns about the contents of your assignment files, we recommend that you encrypt paths (using -instr or -infile) rather than encoding them.

To encode only the paths in the [PATHS] section of an assignment file using Base64:

  1. Run pathscrambler and specify the assignment file containing the path definitions:

    pathscrambler -asn FileName.asn

    Pathscrambler creates a file called FileName.asn.enc.

  2. Copy the encoded path definition into the original assignment file.

    For example, for an assignment file called data.asn that contains the following:

    [DRIVER_SETTINGS]
    MSS     U4.0
    
    [PATHS]
    $MSS    MSS: mydb:|admin|secretpw
    

    Pathscrambler creates a file called data.asn.enc containing the following:

    [DRIVER_SETTINGS]
    MSS     U4.0
    
    [PATHS]
    $MSS=MSS: (f\ho]nt<]SVpeS1<g6RngiR4gLg9)
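
The line formats shown in the assignment-file sections above (cleartext logon fields, (( )) markers, (! !) segments with a trailing digest, and the encoded form) can be checked before a file is deployed. The following is an added example, not part of Uniface or Pathscrambler: the function name, the finding labels and the pattern used to recognise encoded paths are assumptions inferred from the examples on this page, and a (! !) line without a digest is assumed to need review.

```python
import re

ENC = re.compile(r"\(!.*?!\)")               # encrypted segment (!...!)
DIGEST = re.compile(r"\(\([^()]*\)\)\s*$")   # trailing ((digest))
MARKED = re.compile(r"\(\(.*?\)\)")          # encryption markers ((...))
# Heuristic (assumption): -asn/-path output is one "(...)" run after "DRIVER:"
ENCODED = re.compile(r":\s*\((?![!(]).*\)\s*$")

def audit_asn(text):
    """Return (line_number, finding) pairs for lines that need attention."""
    findings, section = [], ""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            section = line.strip("[] ").upper()
            continue
        if ENC.search(line):
            if not DIGEST.search(line):
                findings.append((no, "encrypted-no-digest"))
            rest = ENC.sub("", DIGEST.sub("", line))
        elif MARKED.search(line):
            # (( )) still present: pathscrambler -infile was never run
            findings.append((no, "marked-not-encrypted"))
            continue
        else:
            rest = line
        if section != "PATHS":
            continue
        if ENCODED.search(rest):
            findings.append((no, "encoded-not-encrypted"))
        elif any(field.strip() for field in rest.split("|")[1:]):
            findings.append((no, "cleartext-logon-field"))
    return findings

# Constructed sample; values are placeholders, not real pathscrambler output.
SAMPLE = """; constructed sample
[PATHS]
$DB     MQL:database|(!QUJDRA==!)|(!RUZHSA==!)((SUpLTA==))
$OLD    MQL:database|(!QUJDRA==!)|(!RUZHSA==!)
$TODO   MQL:database|((username))|((password))
$MSS    MSS: mydb:|admin|secretpw
$ENC=MSS: (f]nt<]SVpe)

[LOGICALS]
main = ((prettycat))
"""
```

Calling audit_asn(SAMPLE) reports every line except the fully encrypted $DB path; an empty result means no cleartext, unprocessed markers, missing digests or encoded-only paths were found.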