removed

[navthoc]

removed

[ray.wurlod]

Presumably this utility does not work with passwords encrypted strongly using the encrypt.sh (encrypt.bat) utility?

[Cranie]

Easiest way to "recover" a password is to stick a basic routine / before call to write the password parameter to the log file. (i.e. no special job / tool required).

DS has to decrypt it for passing to external stages, so it is only secure before run / passing to DS and not while running. Which is to be expected.

[pandeesh]

just curious, whether this is an IBM supported utility or unauthorized one?

[chulett]

There's nothing "supported" about it.

[ray.wurlod]

In fact it almost certainly breaches the licence conditions of the author's Information Server installation (the part about reverse engineering).

I make that statement with no knowledge whatsoever of the tool.

[navthoc]

removed

[ray.wurlod]

That will be interesting to see. AES-128 encryption should be impossible to break in a reasonable amount of time using the kind of hardware that most Information Server sites use.

[navthoc]

Looks like this tool is useful for some users. Re-posting the link.

[BI-RMA]

Easiest way to "recover" a password is to stick a basic routine / before call to write the password parameter to the log file. (i.e. no special job / tool required).

This, indeed, is a serious security threat within DataStage and has been adressed at IBM a number of times already. It should not be possible to print encrypted - or rather decrypted - variables to the log. And it should not be too difficult to disallow this by changing the way DataStage-Basic handles variables of this type, especially in functions like DSLogInfo.

[rameshrr3]

FYI : This security 'hole' has been fixed in Datastage 8.7 .
You can no longer echo encrypted passwords to the job log using a Before after job subroutine that calls the password-storing Job Parameter/Env Variable.

Im not sure if the 'utility' mentioned is of much use with 8.7 and above. LOL