Encrypting sensitive data
When you create a new content source using the Manage Search portlet, some secured content sources require that you enter sensitive data. For example, this can be the user ID and password of the crawler user ID required for accessing the secured content source. You can encrypt such sensitive data so that it is not stored as plain text on the hard drive.
For example, consider the case of content sources in the form of secured portal sites or HTTP sites that require a user ID and password. This sensitive data is stored on the portal server hard drive in plain text unless you choose to encrypt it. In order to ensure that such sensitive data is encrypted, perform the following procedure after portal installation:
- Copy the file searchsecret.xml to a temporary directory temp .
The original file is located in...
- For UNIX™: $PORTAL_HOME/search/wp.search.admin/bin
- For i: $PORTAL_HOME/search/wp.search.admin/bin
- For Windows™: $PORTAL_HOME/search/wp.search.admin/bin
- Open the copied file searchsecret.xml with an editor.
- Replace the string CHANGE TO YOUR SECRET KEY with a random string of choice.
- Run the updated file searchsecret.xml by using xmlaccess.sh command:xmlaccess.sh -in searchsecret.xml -out results.xml -user wpsadmin -pwd wpsadmin -url http://local_host:local_port/wps/config
The script creates a slot called search.secret in the credential vault. Portal search uses this slot to encrypt the passwords configured for crawlers. If this slot does not exist, the password is saved as clear text on the portal server hard drive.
- Specify the file name using the -in option.
- Specify a result file using the -out option.
- Check the result file to verify the XML request was executed successfully.
The file xmlaccess.sh is located in the directory $PORTAL_HOME/bin. Example of the full command syntax for running the script searchsecret.xml:
[[Directory structure wp7|PORTAL_HOME]]/bin/xmlaccess.sh -in temp/searchsearchsecret.xml -user wpsadmin -password wpsadmin -url http://localhost:10039/wps/config
For more details about how to use xmlaccess.sh, refer to the topics about xmlaccess.sh, especially about Working with xmlaccess.sh.
- Delete the copied file searchsecret.xml that contains encryption key.
Parent
Security considerations
Related tasks
Search on Portal Search collections and other content sources
Search on secured portal sites and pages and content management items
Work with xmlaccess.sh
Sep 2, 2010 11:47:57 AM Sep 2, 2010 11:46:15 AM