Essbase – Encrypt Passwords using MaxL Scripts


First of all we need to generate random public and private encryption keys using the following command:

essmsh –gk > myKeys.txt

The resulting myKeys.txt will contain the keys, you should keep this file somewhere safe, here are the contents:

Public Key for Encryption: 25891,2909413183
Private Key for Decryption: 2520849883,2909413183

Then we also need a script to convert, e.g. Finance.mxl, contents as follows:

login ‘admin’ ‘password’ on ‘severname’;
spool on to ‘E:\CalcConsole\Logs\Finance.log’;
import database DFinance.Finance data connect as ‘admin’ identified by ‘password’ using server rules_file PLSQL on error write to ‘E:\CalcConsole\Logs\PLSQL.err’;
execute calculation DFinance.Finance.Night;
spool off;
Exit;

To encrypt the script we use the public key like this:

essmsh –E Finance.mxl 25891,2909413183

Which generates a file called Finance.mxls (note the ‘s’ on the end of the file extension which I suppose stands for “secure”), this no longer has clear-text passwords, contents as follows:

login $key 106005741293930722520707386301 $key 0404020362185807397114384020618985408471 on ‘mdcdev003’;
spool on to ‘E:\CalcConsole\Logs\Finance.log’;
import database DFinance.Finance data connect as $key 106005741293930722520707386301 identified by $key 0404020362185807397114384020618985408471 using server rules_file PLSQL on error write to ‘E:\CalcConsole\Logs\PLSQL.err’;
execute calculation DFinance.Finance.Night;
spool off;
Exit;

The last step is to actually run the script, we need to use the private key to do this:

essmsh –D Finance.mxls 2520849883,2909413183

The theory behind public/private key encryption is that because both keys are required to generate the actual password, and a potential hacker never has access to both the keys, they will not be able to “crack” the password.

Thanks,

~KKT~

Advertisements

2 thoughts on “Essbase – Encrypt Passwords using MaxL Scripts

  1. is it possible to encrypt a username/password that you are not logged in as? Can this be done in EAS?

    Like

    • Dear Tracy,

      Please excuse for delay in reply. As per your query without logged in it is not possible to encrypt username and password.

      Just to explain the process and you might be aware as well. Run the following.

      essmsh -gk

      This will generate your public and private keys

      Then use the following

      essmsh -E c:\folder\script.mxl

      so could be :- essmsh -E c:\temp\dataload.mxl 5223,1299021247

      This will create a new maxl script called dataload.mxls that will have the account information encrypted.

      To call the script you need to include the PRIVATE KEY – essmsh -D c:\temp\dataload.mxls 964450103,1299021247

      More information available at :- http://download.oracle.com/docs/cd/E12825_01/epm.111/esb_techref/maxl_invoke_encrypt.htm

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s