DEV Community

Peter + AI

Securing Your Uniface Applications with PathScrambler

✨ This blog post was created with the help of AI

What is PathScrambler?

PathScrambler is a command-line tool in Uniface 10.4 that helps you protect sensitive information in your applications. Think of it as a lock for your passwords, database connections, and other secret data that you don't want anyone to see in plain text.

Instead of storing your database password as "myPassword123" in a file, PathScrambler encrypts it into something like "(!AmTJX5RGQOFPF3ID4/4nk1jljMnEf9bIoKILbIjpoxBH!)" that nobody can read without the proper key.

Why Should You Use PathScrambler?

When you develop Uniface applications, you often need to store connection strings, usernames, and passwords in configuration files called assignment files. If someone gets access to these files, they can see all your sensitive data. PathScrambler solves this problem by encrypting this information.

The tool is especially useful for:

  • Database connection strings with usernames and passwords
  • Remote connection information
  • Login credentials
  • Web server connections

How to Encrypt an Assignment File

An assignment file (ASN file) contains configuration settings for your Uniface application. Here's how to protect sensitive data in it:

Step 1: Mark the Sensitive Data

Open your assignment file and wrap the text you want to encrypt with double parentheses. Here's an example:

[PATHS]
$DB = MQL:database|((username))|((password))
$REM_DB = TCP:((machine1+port|user|passwd))

In this example, the username, password, and connection details are marked for encryption.

Step 2: Run PathScrambler

Open your command line and run the PathScrambler tool:

pathscrambler -infile C:\uniface\projects\myapp.asn

This tells PathScrambler to encrypt the marked sections in your file.

Step 3: Use the Encrypted File

PathScrambler creates a new file called myapp.asn.enc. The encrypted file looks like this:

[PATHS]
$DB = MQL:database|(!AmTJX5RGQOFPF3ID4/4nk1jljMnEf9bIoKILbIjpoxBH!)|(!AkCiDZD4OCQBfbxPoGl3vrrPa+47cjvBQrzHEo1SBGzE!)((AlHCQrTMLE519Ps+GVOwKFk=))

Now your sensitive data is protected!

Adding Extra Security with Seeds

For even better protection, you can use a seed. A seed is like a secret phrase that makes your encryption unique. Here's how to use it:

pathscrambler -infile C:\uniface\projects\myapp.asn -seed "Very Secret Seed"

This creates an encryption that only works with your specific seed. The encrypted file will include a special $seed setting that Uniface uses to decrypt the data.

Important: Keep your seed safe! If you lose it, you won't be able to decrypt your data.

Encrypting Connection Strings for Code

Sometimes you need to use encrypted connection strings directly in your Uniface code. PathScrambler can help with that too!

Use the -instr option to encrypt a connection string:

pathscrambler -instr "((db_name|db_user|db_password))"

This gives you an encrypted string like:

(!AkROgF78qqhLj/clYeV8NoT8WjDdWwt+ZDbR50NjJgsWtv56hO//FiA3wqbrtstwyg==!)((Aq5MXaYqxZDlGmC/krzUYJk=))

You can now use this encrypted string in your Uniface code:

open (!AkROgF78qqhLj/clYeV8NoT8WjDdWwt+ZDbR50NjJgsWtv56hO//FiA3wqbrtstwyg==!)((Aq5MXaYqxZDlGmC/krzUYJk=))

Protecting Web Server Connections

If your Uniface application connects to a web server, you can encode the middleware connection string in the web.xml file.

Here's the process:

  1. Find your middleware setting in web.xml
  2. Copy the connection string (everything after "UV8:")
  3. Run PathScrambler with the -path option and save the output to a file
  4. Copy the scrambled text into your web.xml file using a CDATA section

Example command:

pathscrambler.exe -path "host.domain.com+13001|userver|userver|webasv" >output.txt

The result in your web.xml file:

<param-value>
<![CDATA[UV8:(eC=~`G1of65leS0q]6=pO~A~I@EsbLR~^/N6^/N<`/Jhgj^hgj|7^SNlg7]9)]]>
</param-value>

Important Things to Remember

  • Keep a backup: Always save an unencrypted copy of your original files. If you need to change something in an encrypted line, you must edit the original file and encrypt it again. Because that copy holds the secrets in plain text, store it somewhere access-controlled, not next to the deployed file.
  • Don't use seeds everywhere: Seeds are great for assignment files, but don't use them with the -instr option for open commands or login strings.
  • Compatibility: The encryption method changed in Uniface 10.3.02.022. Old encrypted files still work, but if you need to modify them, you'll need to use the new encryption method.
  • Understanding the output: Encrypted data uses special markers. Double parentheses (( )) mark data before encryption, exclamation marks with parentheses (! !) mark encrypted data, and the digest (the part in double parentheses at the end) ensures the data hasn't been tampered with.
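
A pre-deployment check built on the markers described above, as an added example (not part of the original post and not Uniface code): it scans the [PATHS] section of an assignment file and reports entries that still carry (( )) markers, pipe-separated fields with no markers at all, or scrambled segments with no trailing digest. The sample file contents, the function names classify and scan_asn, and the plaintext-fields heuristic are assumptions made for illustration.

```python
import re

ENCRYPTED = re.compile(r"\(!.+?!\)")   # (! ... !) scrambled segment
DOUBLE = re.compile(r"\(\(.+?\)\)")    # (( ... )) pending marker, or trailing digest

# Constructed sample; every value below is made up for this example.
SAMPLE = """[PATHS]
$DB = MQL:database|(!QUJDREVGRw==!)|(!SElKS0xNTg==!)((RElHRVNU))
$REM_DB = TCP:((machine1+port|user|passwd))
$OLD_DB = MQL:legacy|report_user|example-password
$CUT = MQL:database|(!QUJDREVGRw==!)
"""


def classify(value):
    """Classify the right-hand side of one [PATHS] entry."""
    rest, n_enc = ENCRYPTED.subn("", value)
    doubles = DOUBLE.findall(rest)
    if n_enc:
        # On a scrambled line the final (( ... )) is taken to be the digest.
        if not doubles or not rest.rstrip().endswith(doubles[-1]):
            return "missing-digest"
        return "unscrambled-marker" if len(doubles) > 1 else "encrypted"
    if doubles:
        return "unscrambled-marker"   # marked for encryption but never scrambled
    # Heuristic (assumption): pipe-separated fields with no markers are plain text.
    return "plaintext-fields" if "|" in value else "ok"


def scan_asn(text):
    """Return [(line_number, name, status)] for [PATHS] entries needing attention."""
    findings, section = [], None
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.upper()
            continue
        if section != "[PATHS]" or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        status = classify(value)
        if status not in ("ok", "encrypted"):
            findings.append((number, name, status))
    return findings


if __name__ == "__main__":
    print(scan_asn(SAMPLE))
```

Run it against the file you are about to ship: an empty result means no entry in [PATHS] was left marked, unmarked, or truncated.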

Binding to Certified Applications

For maximum security, you can bind your encrypted paths to a certified Uniface application. This means the encrypted data only works with your specific application. To do this, you need to use PathScrambler together with the cert.exe utility.

This is an advanced security feature that prevents someone from taking your encrypted paths and using them in a different application.

Conclusion

PathScrambler is a powerful tool that helps you protect sensitive information in your Uniface applications. By encrypting passwords, connection strings, and other confidential data, you make your applications more secure and reduce the risk of data breaches.

Remember:

  • Use encryption for all sensitive data in your assignment files
  • Consider using seeds for extra security
  • Always keep unencrypted backups of your original files
  • Test your encrypted configurations to make sure everything works correctly

Happy secure coding!
