You are viewing limited content. For full access, please sign in.

Question

WebLink: How to Encrypt WLConfig.xml as User Name and Password are Stored in Plain Text

WebLink Version 9 Security

Updated August 29, 2019

asked on August 26, 2019

WebLink Public Portal is set to auto login using a read only user. The user name and password are stored as plain text in the WLConfig.xml file. The server is in a DMZ and the user is concerned about someone gaining access to the WLConfig.xml file.

Anyone have a suggestion on how to encrypt the WLConfig.xml file?

WebLink 9.0.1.275

0 0

Replies

replied on August 26, 2019 • Show version history

I don't know if this is a different between 9 and 10, but in our instances of WebLink 10 the password is encrypted.

I'm a bit confused by the issue though. If WebLink is set to auto login, how would gaining access to the password give an attacker more permissions than they already have by just using WebLink?

In order to reach that particular path, someone would have had to compromise the entire machine. The password for that user would be the least of your worries.

0 0

replied on August 29, 2019

Thanks for the information. We verified in WebLink 10, the user name and password is not in plain text. The user will look into updating to WebLink 10.

0 0

You are not allowed to follow up in this post.

Sign in to reply to this post.

Asked August 26, 2019
Updated August 29, 2019
89 views