Date Posted: 2018-09-12
Product: TIBCO Spotfire®
Product: TIBCO Spotfire®
Encrypting password sensitive sections in TIBCO Spotfire Web Player service configuration files
This article explains if there is a way to encrypt the clear-text password in the "Spotfire.Dxp.Worker.Host.exe.config" file located at <Spotfire server-installation directory>\tss\<version>\tomcat\bin\config\root\ in the "DataAdapterCredentials" settings section.
The active configuration files inside the <Spotfire server-installation directory>\tsnm\<version>\nm\services folder contain the sensitive password sections already encrypted by default since "encryptConfigurationSections" setting in "Spotfire.Dxp.Worker.Core.config" is set to true by default. ?Spotfire.Dxp.Worker.Core.config: This configuration file specifies settings for the service's communication with the Spotfire Server, and if sections in configuration files should be encrypted.
<Spotfire.Dxp.Worker.Host> <!-- protectSectionEncryptionProvider: The name of the algorithm to use when encrypting sections of the configuration files. --> <!-- See https://msdn.microsoft.com/en-us/library/68ze1hb2.aspx for more information. --> <cryptography encryptConfigurationSections="true" protectSectionEncryptionProvider="DataProtectionConfigurationProvider" /> </Spotfire.Dxp.Worker.Host>Note: These configuration files are local copies of the centrally managed service configuration files and should not be edited manually as they will get overwritten with service configurations stored on the TIBCO Spotfire Server any time the service is restarted. If you do need to make changes to the service configuration, see the reference Manually editing the service configuration files.
The configuration files in <installation directory>\tss\<version>\tomcat\bin\config\root\ folder are the manually exported configuration files left behind during the service configuration exports via the export-service-configuration command, which do contain readable passwords. Spotfire does not require this exported configuration to work and they can be removed or secured (for example, with a password protected zip file) when no longer required. The export-service-configuration command can also export these files to any path with the optional [destination directory] parameter, so these unmasked configuration files may be present in other locations. Doc: Spotfire.Dxp.Worker.Core.config file