Advanced Connect Parameters
The following sections refer to the management of these fields in each connection properties screen in RED.
The fields labelled "Session .." are never stored in the metadata and only persist, in-memory, for the duration of the user's session of RED.
Additionally the users and passwords entered in the Scheduler Configuration screen in RED are never stored in the metadata and only persist, in-memory, for the duration of the user's session of RED.
Connection Strings
RED always constructs an ODBC connection string to connect to any ODBC data source, so all ODBC, Database and applicable Extensible Source Connections in RED require a connection string to be entered. If no connection string is provided (such as for upgraded repositories pre RED 10.2), a default is derived for the session duration based on the presence or absence of the user and password fields.
When saving a connection from the connection properties screen, the connection string is stored in the metadata and accepts the following RED tokens for automatic replacement at runtime to avoid storing any credentials in the metadata.
- $DSN$ - replaced at runtime with the ODBC Data Source Name of the connection.
- $USER$ - replaced at runtime with the Session User Id of the connection.
- $PASSWORD$ - replaced at runtime with the Session Password of the connection.
Profiles and Session Credentials
For each ODBC, Database or Extensible Source Connection RED maintains an in-memory credential set including the username, password, and connection string for each connection. This in-memory credential set is what we term the ‘Profile’ for authentication during the session of RED.
...
```powershell
Add-Type -AssemblyName System.Security

$myPass = "myp@ssw0rd!"

# Convert the pwd string to a byte array.
$bytes = [System.Text.Encoding]::Unicode.GetBytes($myPass)

# Encrypt the byte array.
$encryptedBytes = [System.Security.Cryptography.ProtectedData]::Protect(
    $bytes,
    $null,
    [System.Security.Cryptography.DataProtectionScope]::CurrentUser)

# This is the equivalent form stored in the Profile files for RED
$encryptedProfilePassword = [System.Convert]::ToBase64String($encryptedBytes)
Write-Output $encryptedProfilePassword
```
If for some reason you need to decrypt the profile file passwords in a script, the below method shows how to do this. Note that only the same Windows User that encrypted the password in the first place will be able to decrypt it.
Example PowerShell script to decrypt Windows DPAPI encrypted base64 Unicode string:
```powershell
Add-Type -AssemblyName System.Security

# set this to an encrypted string taken from the Profile file
$encryptedProfilePassword = "<YOUR ENCRYPTED STRING>"

# first convert the extracted RED Profile string FromBase64String to Byte array
$encryptedBytes = [System.Convert]::FromBase64String($encryptedProfilePassword)
Write-Host "Encrypted Bytes" -ForegroundColor Cyan
Write-Host ([string] $encryptedBytes) -ForegroundColor DarkGreen

# Unencrypt the data.
$bytes = [System.Security.Cryptography.ProtectedData]::Unprotect(
    $encryptedBytes,
    $null,
    [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
$plainTextPwd = [System.Text.Encoding]::Unicode.GetString($bytes)
Write-Host "Decrypted Data" -ForegroundColor Cyan
Write-Host $plainTextPwd -ForegroundColor Red
```
Example Profile file
The Profile file is a .JSON file which makes it easy to programmatically update any connection attributes it contains.
...
The following Environment Variables are created at run-time for Scripts associated to ODBC, Database and Extensible Source Connections. The User, Password and Connection String values are set from the current RED session credentials in the in-memory Profile.
WSL_<META|TGT|SRC>_CONSTRING contains the complete connection string with the tokens $DSN$, $USER$, $PASSWORD$ replaced.
Metadata | Target | Source |
---|---|---|
WSL_META_DSN | WSL_TGT_DSN | WSL_SRC_DSN |
WSL_META_DSN_ARCH | WSL_TGT_DSN_ARCH | WSL_SRC_DSN_ARCH |
WSL_META_SERVER | WSL_TGT_SERVER | WSL_SRC_SERVER |
WSL_META_DBID | WSL_TGT_DBID | WSL_SRC_DBID |
WSL_META_USER | WSL_TGT_USER | WSL_SRC_USER |
WSL_META_PWD | WSL_TGT_PWD | WSL_SRC_PWD |
WSL_META_CONSTRING | WSL_TGT_CONSTRING | WSL_SRC_CONSTRING |
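
Because WSL_<META|TGT|SRC>_CONSTRING reaches a script with the $PASSWORD$ token already replaced, a script that logs the variable verbatim writes the credential to its output. The PowerShell below is an added example, not part of the original page or WhereScape's code, that masks secret values before logging; the function name, the list of secret keys (PWD, PASSWORD) and the sample connection string are assumptions.

```powershell
# Added example (not WhereScape code): mask credential values in an ODBC
# connection string so a RED-launched script can log it safely.
function Hide-ConnectionStringSecret {
    param(
        [Parameter(Mandatory)][string] $ConnectionString,
        # Assumption: the keys your driver uses for secrets; extend as needed.
        [string[]] $SecretKeys = @('PWD', 'PASSWORD')
    )
    # key=value pairs are separated by ';'. A value may be wrapped in {braces},
    # in which case it can contain ';' and a literal '}' is written as '}}'.
    $pattern = '(?<key>[^=;]+)=(?<val>\{(?:[^}]|\}\})*\}|[^;]*)(?:;|$)'
    $parts = foreach ($m in [regex]::Matches($ConnectionString, $pattern)) {
        $key = $m.Groups['key'].Value.Trim()
        $val = $m.Groups['val'].Value
        # -contains compares strings case-insensitively, so 'pwd' also matches.
        if ($SecretKeys -contains $key) { $val = '********' }
        "$key=$val"
    }
    $parts -join ';'
}

# Constructed sample standing in for the value RED places in the environment.
# The password contains ';' and '}' to exercise the brace-quoted form.
$env:WSL_TGT_CONSTRING = 'DSN=Warehouse;UID=etl_user;PWD={s3cr;et}}x}'

foreach ($scope in 'META', 'TGT', 'SRC') {
    $value = [Environment]::GetEnvironmentVariable("WSL_${scope}_CONSTRING")
    if ([string]::IsNullOrEmpty($value)) { continue }   # variable not set for this script
    Write-Output ("WSL_{0}_CONSTRING = {1}" -f $scope, (Hide-ConnectionStringSecret $value))
}
```

The same care applies to the WSL_<META|TGT|SRC>_PWD variables, which hold the password on its own and should not be echoed or written to log files.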
...