Procedure to encrypt worklight properties file in mobilefirst [duplicate] - ibm-mobilefirst

I'm using an IBM MobileFirst SQL adapter to get data from an AWS Oracle RDS.
In order to connect to the SQL adapter, we need to provide the username, password, URL and port. The connection works, however, how should I hash it so that no one can read it? This is to make it more secure. Is this possible?
<dataSourceDefinition>
    <driverClass>oracle.jdbc.driver.OracleDriver</driverClass>
    <url>jdbc:oracle:thin:@xxx.rds.amazonaws.com:1525/SchemaSample</url>
    <user>Username</user>
    <password>Password</password>
</dataSourceDefinition>

First, you're using a very old build of 7.1 and your team should consider updating both the client and server versions.
Second, just to clarify, you don't "connect to the sql adapter". Your client sends a request to the MobileFirst Server, to use the adapter in order to connect to the AWS Oracle RDS. It is the request of the adapter to the AWS that you want its properties hashed, or encrypted.
As for encrypting properties, this depends on the application server you've installed MobileFirst Server on (WAS, WAS Liberty, or Tomcat). In general, the process is as follows:
If you're using Tomcat, you can create a custom property in the worklight.properties file, encrypt it as instructed here and then re-deploy the .war file.
If you're using WAS or WAS Liberty, you can also create such a custom property in worklight.properties, and then expose it as a JNDI entry in the application server. You can then encrypt it using the encryption tools provided by each application server.
See here for an example of how to set it up: https://stackoverflow.com/a/25159260/1530814
Once you have it set up, you can now take care of the encryption by following the documentation of the tool for your application server.
Encryption tools by each application server (search for "Encoding the JNDI properties")
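
An added example (not part of the original answer and not IBM tooling): a check that flags connection values hard-coded in a SQL adapter's dataSourceDefinition, which is the state the question starts from. It assumes externalized values are written as ${property.name} references resolved from worklight.properties; the property names db.url, db.user and db.password, the host name, and both sample documents are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Fields of <dataSourceDefinition> that reveal credentials or the DB endpoint.
SENSITIVE = ("url", "user", "password")
# Assumption: a value that is exactly ${property.name} is resolved from
# worklight.properties (or a JNDI entry) at deploy time, not stored here.
PLACEHOLDER = re.compile(r"^\$\{[A-Za-z0-9_.\-]+\}$")
REASON = "literal value in adapter XML"

def _local(tag):
    """Drop an XML namespace prefix such as '{uri}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]

def literal_credentials(adapter_xml):
    """Return sorted (field, reason) pairs for values hard-coded in the XML."""
    findings = []
    for elem in ET.fromstring(adapter_xml).iter():
        if _local(elem.tag) != "dataSourceDefinition":
            continue
        for child in elem:
            name = _local(child.tag)
            value = (child.text or "").strip()
            if name in SENSITIVE and value and not PLACEHOLDER.match(value):
                findings.append((name, REASON))
    return sorted(findings)

# Constructed sample: credentials written directly into the adapter XML.
HARDCODED = """<dataSourceDefinition>
  <driverClass>oracle.jdbc.driver.OracleDriver</driverClass>
  <url>jdbc:oracle:thin:@db.example.invalid:1525/SchemaSample</url>
  <user>Username</user>
  <password>Password</password>
</dataSourceDefinition>"""

# Constructed sample: the same definition with hypothetical property references.
EXTERNALIZED = """<dataSourceDefinition>
  <driverClass>oracle.jdbc.driver.OracleDriver</driverClass>
  <url>${db.url}</url>
  <user>${db.user}</user>
  <password>${db.password}</password>
</dataSourceDefinition>"""

if __name__ == "__main__":
    for label, doc in (("hardcoded", HARDCODED), ("externalized", EXTERNALIZED)):
        print(label, literal_credentials(doc))
```

A clean result only means the values were moved out of the adapter XML; whether the property or JNDI value itself is encoded is decided by the application server's tool, as the answer describes.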

Related

Passing MSI token to flyway command line

When running the 'migrate' command of Flyway, the standard way to access the DB is by providing a user and password. In my case, it's an Azure SQL DB, and instead of a user/password I have only an MSI token. Is it possible to pass the token to the command line? Looking at the parameters of the 'migrate' command, I couldn't find anything like that.
Azure Active Directory MSI authentication is supported. Please see the Microsoft documentation, which has more details about how this works with JDBC URLs, a link to download the driver, and the applicable connection string properties and client requirements. Please note:
Supported since driver version v7.2, authentication=ActiveDirectoryMSI can be used to connect to an Azure SQL Database/Data Warehouse from inside of an Azure Resource with "Identity" support enabled. Optionally, msiClientId can also be specified in the Connection/DataSource properties along with this authentication mode, which must contain the Client ID of a Managed Service Identity to be used to acquire the accessToken for establishing the connection.
You could run this from an Azure AD Federated on-premise host or Azure host using the following java client example and then run the migrate command.

Can we use server configuration tool for MFP Foundation on IBM Container(Bluemix)?

The Server Configuration Tool needs Database Settings (host, port, username, password, dbname) and AppServer Settings (installation directory, username, password) information. The tool also needs to access the database directly.
The MFPF docs don't provide this kind of information. Is there any way to use the Server Configuration Tool for MFPF on IBM Containers?
It is not possible to use the Server configuration tool for IBM Containers deployment. The only current way is to use the scripts as provided and instructed, here: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-1/bluemix/run-foundation-on-bluemix/

Why is MobileFirst Server Configuration Tool not letting me deploy with libertyAdminUser and libertyAdminPassword?

I'm trying to deploy a MobileFirst server to a local Liberty server configured with an LDAP server.
When I try and deploy my server configuration the admin task fails due to lack of attributes for connecting to Liberty.
BUILD FAILED
C:\Users\Administrator\Documents\IBM MobileFirst Platform Server Data\Server Configuration Tool\Configuration_Hello MobileFirst Server\Hello MobileFirst Server.xml:88: The element <installWorklightAdmin>, <jmx libertyAdminUser=".." libertyAdminPassword="..."/> is missing. A default user cannot be created for this server.
I have tried updating the server configuration file manually before deploying, but the server configuration tool is just saving over the changes.
How can I resolve this problem from within the Server Configuration Tool?
The Server Configuration Tool in MFP 7.0 can't be used to make an install on a Liberty server that is configured with LDAP.
In the simplified install process of the Server Configuration Tool, it automatically creates a Liberty Administrator in a basic registry and this is not possible if Liberty is configured with LDAP.
If you don't want to create ant files manually, you can:
Export the ant files that you created with the Server Configuration Tool (Menu File/Export Configuration as Ant files...)
Edit them so that they have the right attributes in the jmx element (you need to provide the login and password of a user that will be used as Liberty Administrator and that the apps will use to perform JMX calls)
Run the ant files as described here
For the admin: https://www-01.ibm.com/support/knowledgecenter/SSHS8R_7.0.0/com.ibm.worklight.installconfig.doc/install_config/r_wlconsole_ant_tasks.html
For the runtime: https://www-01.ibm.com/support/knowledgecenter/SSHS8R_7.0.0/com.ibm.worklight.deploy.doc/devref/c_project_war_file_ant_tasks.html
You may encrypt the password of the JMX user with the Liberty securityUtility program (in LibertyInstallDir/bin).

SSL Configuration on System i

I have written a Delphi application that allows a user to define a query and run it over a DB2 database on an IBM System i using a TADOQuery component with the IBM DB2 OLE DB Provider.
We now have a requirement that the user be allowed to secure the connection using SSL if they so wish. I know that I can pass a value of "SSL=TRUE" into the connection string for the OLE DB Provider. The problem that we're having is setting up SSL on the System i server so that we can set up our test environment.
I can't find any instructions for securing the database application on a System i to use SSL. Does anyone know how to do this?
Setting up SSL on the iSeries