We deliver out software on Linux with bitrock (i.e. packed by the InstallBuilder). During the installation the installer requests a password which the application later needs to connect to a database server. Our application makes use of BlowFish encrypted password hashes and does know (and only we know) do decrypt the string again to be used when the software internally connects to the database server. This hash is stored for this purpose in some properties file the application uses. So far so good.
When the installer runs in so called unattended mode, the admin must prepare an install.ini file with this hash, which is also fine. He/she can encrypt the clear password with a routine we provide and can cut&paste the string to the ini file in the editor.
When the installer runs in dialog mode, we are aiming for that the admin can provide the password (for the last time) in clear text and it should be encrypted on the fly and used already in some installation routines (which update the database) already in encrypted form and stored as such also in the created properties file, created by rules in the bitrock XML file.
How this could be done?
Please sign in to leave a comment.