Clarity: User ID and Password are in clear text in the XOG files. How do you get the password to be encrypted?

Document ID : KB000023399
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

User ids and passwords appear in clear text in the XOG property files.

How do you get the password to be encrypted? Some companies standards do not allow clear text passwords to show internal servers.

Answer:

By default when using XOG property files, automatically the user credentials are shown in clear text.

A solution is to run XOG manually so it can prompt users to enter a password.

If you need to use property files, access to the file should be protected on the server through reduced restrictions to view the contents to only the OS user that is running the task.

Alternatively, as XOG primarily relates to the content and format of information exchanged in and out of Clarity, and this exchange takes place over SOAP, it is also possible to use other clients to perform the operations.  For example on a Windows system, Powershell has the ability to call and interpret SOAP web service calls over WSDL, along with a number of other third party clients, that may also have the capability of encrypting or preventing the display of the username and password.

Please note that in advance of all of this, the first thing that should be done is to ensure that your Clarity server is also setup to receive connections over HTTPS (TLS).  Otherwise even if the username and password are not showing on the screen or machine locally, when connecting to the server using HTTP the data is still transmitted 'in the clear' as plain text.