Password in clear text (Kinetic 2022.1)

sanjeev.gupta · June 28, 2022, 11:39am

Dear All,

I have installed Kinetic (Kinetic 2022.1) and configured with SQL Authentication Mode in Database Connection and Reporting Services.

When I checked Host.config (Connection string Section) (C:\inetpub\wwwroot\Kinetic_1\Server), found password is showing in clear text.

Regards,
Sanjeev Gupta

josecgomez · June 28, 2022, 11:58am

Yeah… it’s a connection string

hkeric.wci · June 28, 2022, 12:00pm

Its in web.config not Host.config. You can always change your settings to use Windows Authentication.

fakhruddin · June 28, 2022, 12:02pm

Yes, Windows Authentication will be good.

sanjeev.gupta · June 28, 2022, 12:13pm

Windows authentication is fine

Mark_Wonsil · June 28, 2022, 12:21pm

There is an Epicor Ideas suggestion to have Epicor implement Secrets Management. In addition to improving security, it would make DevOps much easier. Here are some of the places where Kinetic ERP requires secrets:

Task Agent: credentials
Command Line Utilities: credentials in XML templates (DatabaseIUser, ServiceUser, EpicorUser, ApplicationPoolUser, SSRSDataBaseUser, RemoteUser, …)
SQL Server: credentials for sql users
Collaborate: Recovery Key
Application Pools: credentials
Automatic Login Stations like MES: credentials
Application Server: domain credentials
Admin Console: credentials for admin users
SMTP Server: credentials
Bartender: REST credentials
Enterprise Search: credentials
Data Discovery: credentials
Classic Web Access: credentials
IoT: Azure Managed Service Principals
Solution Workbench: command line credentials
Certificates: credentials
AFR Monitor: credentials