Password encoding deters the casual observation of passwords in server configuration and property files.
By default, passwords are automatically encoded with a simple masking algorithm in various WebSphere® Application Server ASCII configuration files. Additionally, you can manually encode passwords in properties files that are used by Java clients and by administrative commands for WebSphere Application Server.
The default encoding algorithm is referred to as XOR. An alternate OS400 encoding algorithm can be used with WebSphere Application Server for IBM® i that exploits native validation list (*VLDL) objects only. With the OS400 algorithm, passwords are stored in an encrypted form within a validation list. The configuration files contain indexes to the stored passwords instead of the masked passwords, as is done with the XOR algorithm.
{algorithm}encoded_passwordwhere {algorithm} is a tag that specifies the algorithm that is used to encode the password, which is either XOR or OS400. The encoded_password variable is the encoded value of the password. When a server or client needs to decode a password, it uses the tag to determine what algorithm to use and then uses that algorithm to decode the encoded password.
Java clients use passwords from the sas.client.props file, which is in the profile_root/properties directory.
To use password encoding with Java clients, the passwords must be manually encoded in the sas.client.props file using the PropFilePasswordEncoder tool.
The administrative commands for WebSphere Application Server use passwords from the soap.client.props file, which is also located in the profile_root/properties directory, for SOAP connections. Some administrative commands optionally use passwords from the sas.client.props file in the profile_root/properties for Remote Method Invocation (RMI) connections. To use password encoding with administrative commands, you must manually encode the passwords in the soap.client.props and sas.client.props files using the PropFilePasswordEncoder tool.