How to secure (encrypt) CSP connectors & user xml

How to secure (encrypt) CSP connectors & user xml

The connectors.xml &users.xml can be stored anywhere, as long as it can be accessed via url (e.g file://, http, https, ftp). Optionally, the list can also be blowfish encrypted using the included tool fishenc.jar (found in lib, java -jar fishenc.jar). If encrypted, tracker-key must be correctly set.
In the below example we are going to encypt connectors.xml & users.xml

cd /usr/local/csp/lib
java -jar fishenc.jar /usr/local/csp/config/connectors.xml /usr/local/csp/config/connector.enc 12345 <!-- where 12345 is your tracker key - (password) -->
java -jar fishenc.jar /usr/local/csp/config/users.xml /usr/local/csp/config/users.enc 12345 <!-- where 12345 is your tracker key - (password) -->

Using any ftp program copy the files connectors.xml & users.xml to a different PC rather than your CSP server, then delete the files connectors.xml & users.xml from your CSP server.
Finally update your proxy.xml with:

<user-source name="localusers">
<user-file-url>file:///usr/local/csp/config/users.enc</user-file-url>
<user-file-key>12345</user-file-key>

and

<connector-file-url>file:///usr/local/csp/config/connector.enc</connector-file-url>
<connector-file-key>12345</connector-file-key>

Enjoy..
By Shatanar