Which TIBCO products (e.g. iProcess, core BusinessWorks, adapters) mangle the password when establishing an EMS connection?
Article ID: KB0091302
Products
Versions
TIBCO Enterprise Message Service
-
Not Applicable
-
Description
Resolution: Password mangling applies to any product (iProcess, core BusinessWorks or adapters) that uses the EMS APIs to connect to the EMS server.
Although you provide the password in clear text in the createConnection call, the password is mangled before it is sent to the server. A capture of the TCP traffic between the client application and the EMS server therefore does not show the password in clear text. Mangled passwords are produced by a proprietary algorithm. The algorithm is not cryptographically secure and does not use keys; anyone who knows the algorithm can recover the original password from the mangled text. The main purpose of mangling is to provide basic protection, so that people who accidentally see the mangled text do not see the password.
If you need extra security, you have to use SSL. EMS 4.2 introduced the "authentication only" feature, which uses an SSL channel to complete the connection phase (so the password is encrypted) and then falls back to a regular TCP connection.
When ssl_auth_only is enabled, the server allows clients to request the use of SSL only for authentication (to protect user passwords). When this parameter is disabled, the server ignores client requests for this feature. When absent, the default value is disabled.
For an overview of this feature, please refer to the section "SSL Authentication Only" in TIBCO Enterprise Message Service User's Guide.
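The following Python check is an added example, not TIBCO code: it reads a server configuration and reports which listeners leave the password merely mangled and whether ssl_auth_only is on. Only the parameter name ssl_auth_only comes from this article; the `name = value` file layout, the `listen` URLs and the accepted spellings of "enabled" are assumptions to verify against the User's Guide.

```python
# Constructed sample; the "name = value" layout and the listen URLs are
# assumptions for illustration, not copied from a real server.
SAMPLE_CONF = """\
# constructed example
listen = tcp://7222
listen = ssl://7243
#ssl_auth_only = enabled
"""

ENABLED = {"enable", "enabled", "true", "yes"}  # assumed spellings


def parse_conf(text):
    """Return (listen_urls, settings) from 'name = value' lines, skipping comments."""
    listens, settings = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if name.lower() == "listen":
            listens.append(value)
        else:
            settings[name.lower()] = value
    return listens, settings


def audit(text):
    """Return (item, severity, reason) tuples for password exposure on the wire."""
    listens, settings = parse_conf(text)
    # The article states that an absent parameter means disabled.
    auth_only = settings.get("ssl_auth_only", "disabled").lower() in ENABLED
    findings = []
    for url in listens:
        scheme = url.split("://", 1)[0].lower()
        if scheme == "ssl":
            findings.append((url, "ok", "password travels inside SSL"))
        else:
            findings.append((url, "weak",
                             "password is only mangled, not encrypted"))
    if not auth_only:
        findings.append(("ssl_auth_only", "info",
                         "server ignores client requests for SSL authentication only"))
    return findings


if __name__ == "__main__":
    for item, severity, reason in audit(SAMPLE_CONF):
        print(f"{severity:5} {item}: {reason}")
```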