Feedback
 
Did this article resolve your question/issue?

   

Your feedback is appreciated.

Please tell us how we can make this article more useful. Please provide us a way to contact you, should we need clarification on the feedback provided or if you need further assistance.

Characters Remaining: 1025

 


Article

Can the values of -U and -P be encrypted?

« Go Back

Information

 
Article Number000010496
EnvironmentProduct: Progress
Version: 9.x
Product: OpenEdge
Version: 10.x, 11.x
OS: All supported platforms
Question/Problem Description
Can the values of -U and -P be encrypted in a batch or script file?
Is it possible to encrypt the values of -U (user) and -P (password) in a batch file?
Is it possible to encrypt the values of -U (user) and -P (password) in a script?
Can the values of -user and -password be encrypted when running SQL Explorer (sqlexp)?
Steps to Reproduce
Clarifying Information
Error Message
Defect/Enhancement NumberDefect PSC00351406
Cause
The exact cause is not known at this time.
Resolution
Until a fix is available, use the workaround below.
Workaround

OpenEdge 11.x
For ABL client, the user and password parameters are  -U (user) and -P (password).
For SQL Explorer client, the user and password parameter are -user (user) and -password (password).

It is possible to encrypt the value of the password but not the username. To utilize this functionality, follow these steps:

  1. Run the genpassword utility from PROENV:
genpassword -password <text>

Example:

genpassword -password test

Result:

24373c33
  1. Add the prefix oech1 to the encrypted password using the double colon (::) separator: For example,
oech1::24373c33

The prefix oech1 specifies the encryption algorithm (oec), the encoded password format (h), and the encryption keypad (1).

  1. Use the result as the value of the -P parameter:
prowin32 -db sports2000 -1 -U test -P oech1::24373c33
  1. Use the result as the value of the -password parameter:
​sqlexp -db sports2000 -1 -user test -password oech1::24373c33
 

Progress 9.x / OpenEdge 10.x
The values for the parameters -U (user) and -P (password) cannot be encrypted in a batch or script file because Progress will not know how to treat them.

Create an ABL program or procedure to encrypt / decrypt the password before calling the CONNECT statement.
Alternatively use a third party software able to implement encryption/decryption.

Notes
References to other documentation:

OpenEdge Deployment: Startup Command and Parameter Reference, Chapter 4: "Startup Parameter Descriptions" > "Password -P"

Progress article(s):
000065023, "Connection attempt fails with error ORA-01017 when using the oech1:: encrypted password specification with DataServer for Oracle"
000064248, How to hide sqlexp password in Unix process output?
Attachment 
Last Modified Date5/31/2019 9:13 PM