Overview
As part of its normal operations, the Integration Server may connect to applications and subsystems such as remote Integration Servers, proxy servers, and databases. The Integration Server, acting as a client, is required to supply a password, referred to as an outbound password, to each of these systems before connecting to them. The Integration Server uses the outbound passwords to identify itself or authenticate to the other systems.
When you configure the Integration Server to connect to an application or subsystem, for example a database, you specify the password the Integration Server must send to the database server in order to connect to it. Later, when an Integration Server user makes a request that requires the database, the Integration Server sends the configured password to the database server and connects to it.
To protect these outbound passwords, the Integration Server encrypts them. By default it encrypts them using Password-Based Encryption (PBE) technology, also known as PKCS5. This encryption method requires the use of an encryption key or master password that you specify. The encrypted outbound passwords are stored in a file.
Note:
Flow services may also store and retrieve outbound passwords to access secure resources, using the pub.security.outboundPasswords services. For more information, see the webMethods Integration Server Built-In Services Reference.
The master password is also encrypted, and by default, is stored in a file. However, when the password is stored in a file, there is a chance that someone could access the file and decrypt the password. Therefore, for greater security, you can configure the Integration Server to prompt for the master password at server startup instead.
Note:
To protect the master password file (if you use one) and the outbound passwords file, assign them operating system Administrator access.
As stated above, outbound passwords are used by the
Integration Server to authenticate to other entities. In contrast, inbound passwords are used by users and other servers to authenticate to the
Integration Server. Inbound passwords are stored as a one-way hash. See
Managing Users and Groups for a discussion of setting up inbound passwords.
The following sections describe how to manage outbound passwords.