We are currently using webMethods version- 10.5, we are observing issue while fetching password value from webMethods Extended Setting tab of Integration Server for below Key
Here the Key used is watt.password & corresponding value is abcd, for this entry the password would be seen in encrypted format in wM extended settings tab
However during code execution, we were able to retrieve the actual value using pub.utils:getServerProperty, please find below screenshot
Recently we observed that the password retrieved is still in Encrypted format ******
Looks like anything in extended settings having word ‘Password or password’ element in it, has this issue.
Could you please help us in providing your inputs on resolving this issue ?
As part of IS_10.5_Core_Fix11, changes were made to mask the passwords. However, it also saved the passwords in masked format. This will be fixed in upcoming Fix15. Below is readme entry for this issue.
After installing a fix that includes PIE-70713, if a server configuration parameter name ends with “password” or “Password”, Integration Server saves the masked value instead of the actual value.
When editing or viewing extended settings (server configuration parameters) on the Settings > Extended page in the legacy Integration Server Administrator, Integration Server masks the value of any parameter whose name ends with “password” or “Password”. However, when saving the parameter value, Integration Server saves the mask instead of the actual value.
This issue is now resolved.
Thanks for your response Kalpesh.
Storing a password, masked or otherwise, in the extended settings seems ill-advised. Not the intended/right place for customer-defined anything.