English

How To: Encrypt the SDE password in the Metadata Server configuration file (PTKWeblink.cfg)

Summary

Certain site security policies require passwords in plain text configuration files to be encrypted.

The Metadata Server, a component of GPT 9.3, has a configuration file (PTWeblink.cfg) that has an SDE Workspace tag containing connection information to the database. This information is stored by default in plain text.

Instructions provided describe how to encrypt the SDE password in the Metadata Server configuration file.

Procedure

  1. Locate the PTKWeblink.cfg file in the /etc directory under the MetadataServer installation directory.
  2. Open PTKWeblink.cfg in a text editor.
  3. Scroll through the file and note that there are two (2) entries for an <SDEWORKSPACE> tag (approximately lines 37 and 130).
  4. Add the following attribute within the SDEWORKSPACE tag: encrypted="true" in *both* instances of the SDEWORKSPACE tag (ref: ArcIMS Webhelp - SDEWORKSPACE).
  5. Save and close the PTKWeblink.cfg file for now.
  6. Download and install ArcExplorer-Java.
  7. Launch the ArcExplorer-Java Edition application.
  8. Select 'Add Layers �' from the Layer menu.
  9. Expand 'ArcSDE' from the 'Data Sources' tree and double-click 'Add ArcSDE Connection'.
  10. Fill out the 'ArcSDE Connection' form entering:

    a) Server: The server name hosting your SDE data source

    b) Instance:
    i. If connecting to an ArcSDE Application service, then enter the ArcSDE port using the pattern "port:<sde port>", for example, "port:5151".
    ii. If making a direct connection to an SDE geodatabase, then enter the direct connection instance string, for example, "sde:sqlserver:<server-name>".

    c) Enter the database, username, and password information.

    d) Click the 'Test Connection' button.

    e) If the Test Connection worked, then proceed with the next step, otherwise review the connection parameters and try again.

    f) Click OK.
  11. Select a layer from the 'Catalog' window and click the 'Add Layers' button.
  12. Close the 'Catalog' window.
  13. Select 'Save Project' from the 'File' menu.
  14. Save the file, for example, 'sdeconnection.axl', and then open it in a text editor.
  15. Locate the SDEWORKSPACE tag within the AXL file.
  16. Notice that the 'encrypted' attribute is set to 'true'.
  17. Copy the password string. It will now be a 16-character uppercase string.
  18. Re-open the PTKWeblink.cfg file and replace the password string in each SDEWORKSPACE tag with the 16-character string that was copied from the 'sdeconnection.axl' file.
  19. Save and close the PTKWeblink.cfg file.
  20. Restart the Metadata Server service.
  21. Check that there are no errors in Metadata Server log files.
  22. Restart the GPT Web application in Tomcat and the HTTP server.
  23. Check that the GPT Portal Web application search is working correctly.