14.1 spsecure
On This Page:
Background
With the release of ServiceScheduling 13.0.6, user passwords are stored securely in the ServiceScheduling database to protect user information.
It is no longer possible to authenticate against a user unless the user's sp083.AUTH_TYPE
value is either SECURED
or LDAP
.
The passwords for existing users with an sp083.AUTH_TYPE
value of INTERNAL
, are upgraded to have the stored password hashed, and the sp083.AUTH_TYPE
value changed to SECURED
when the dbinstall utility is run as part of the upgrade process.
The dbinstall utility will also upgrade all user passwords in the sp430
table to be hashed as part of the upgrade process.
As always, it is recommended to backup the database before upgrading.
spsecure
The spsecure
utility has been added to the ServiceScheduling bin
directory.
This utility secures all user sp085
passwords where the AUTH_TYPE
value is INTERNAL
, and all passwords in sp430
.
The tool is automatically run at the end of the dbinstall script.
The tool may also be run as a standalone binary if necessary, for example, where new users are directly inserted into the database using the deprecated INTERNAL
authentication approach.
After upgrading to ServiceScheduling 13.0.6, there is no need to run the spsecure
utility when users are created via the 14.1 Create User SOAP API or updated via the 14.1 Update User SOAP API.
These APIs will automatically store passwords in the new secure format.
Running the tool on a database where passwords have been already secured will have no effect.
Arguments
-d <databaseConnectionString>
- The ServiceScheduling database connection string.
Functionality
- Select all passwords from
sp085
with anAUTH_TYPE
ofINTERNAL
and all un-hashed passwords insp430
. - Assign a random salt, and hash the passwords.
- Insert the passwords back into the database, and set the
AUTH_TYPE
toSECURED
in thesp083
table.