Essbase – Encrypt Passwords using MaxL Scripts

First of all we need to generate random public and private encryption keys using the following command:

essmsh –gk > myKeys.txt

The resulting myKeys.txt will contain the keys, you should keep this file somewhere safe, here are the contents:

Public Key for Encryption: 25891,2909413183
Private Key for Decryption: 2520849883,2909413183

Then we also need a script to convert, e.g. Finance.mxl, contents as follows:

login ‘admin’ ‘password’ on ‘severname’;
spool on to ‘E:\CalcConsole\Logs\Finance.log’;
import database DFinance.Finance data connect as ‘admin’ identified by ‘password’ using server rules_file PLSQL on error write to ‘E:\CalcConsole\Logs\PLSQL.err’;
execute calculation DFinance.Finance.Night;
spool off;
Exit;

To encrypt the script we use the public key like this:

essmsh –E Finance.mxl 25891,2909413183

Which generates a file called Finance.mxls (note the ‘s’ on the end of the file extension which I suppose stands for “secure”), this no longer has clear-text passwords, contents as follows:

login $key 106005741293930722520707386301 $key 0404020362185807397114384020618985408471 on ‘mdcdev003’;
spool on to ‘E:\CalcConsole\Logs\Finance.log’;
import database DFinance.Finance data connect as $key 106005741293930722520707386301 identified by $key 0404020362185807397114384020618985408471 using server rules_file PLSQL on error write to ‘E:\CalcConsole\Logs\PLSQL.err’;
execute calculation DFinance.Finance.Night;
spool off;
Exit;

The last step is to actually run the script, we need to use the private key to do this:

essmsh –D Finance.mxls 2520849883,2909413183

The theory behind public/private key encryption is that because both keys are required to generate the actual password, and a potential hacker never has access to both the keys, they will not be able to “crack” the password.

Thanks,

~KKT~