Use the obfuscation tool to protect sensitive strings such as passwords in configuration files.
configuration files can contain sensitive data like:
- fan-out connection passwords
- keystore passwords
Use the obfuscation tool to make it harder for an attacker to read the passwords. The tool converts them to a form that
the server can understand, but which is not easily readable by a casual observer.
The tool is a command-line script in the bin directory called obfuscate.sh
(or obfuscate.bat for Windows™).
The script takes strings representing the passwords or other values you want to protect as command line arguments.
It writes out the obfuscated version of each argument in order.
Copy the output and use it in the Diffusion configuration file in place of the original string.
Note: The obfuscation method provides superficial protection against casual browsers. To provide better protection, ensure the file can only be read by trusted users.