- 26 Nov 2024
Protecting property files
- Updated on 26 Nov 2024
Some OneSpan Authentication Server components and side products are Java-based and use so-called property files to store configuration settings. These settings can also include sensitive data, such as passwords. For instance, the DIGIPASS Gateway property file can include passwords to access proxy servers and API keys used for HTTP authentication.
Protecting property files using software encryption
The values of sensitive properties are encrypted using a static software-level key by default. The OneSpan Web Configuration Tool, which is used to maintain these property files, only indicates whether those properties are set and does not display the actual values. If you open the property file in a text editor, you will see only the encrypted value. Since the default value encryption provides only basic protection, we recommend that you additionally restrict access to the property files.
Best practices: Handling property files
- Limit file access. Limit access to property files to only the individuals who are responsible for setting up and configuring the respective components. Use the file permissions provided by the operating system to restrict file access.
- Store backup copies securely. Store backup copies of property files (preferably encrypted) in a secure location, preferably one without network connectivity.
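One way to check and apply the "Limit file access" practice on a Linux host, shown as an added example that is not OneSpan tooling. It assumes GNU find and stat; the directory and the owning account are passed in by the caller because the page does not give the property file locations.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on Java property files.
# The directory and owner arguments are placeholders chosen by the caller,
# not OneSpan defaults.

# Report property files that group or others can access, property files not
# owned by the expected account, and directories that group or others can
# write to (a writable directory lets someone replace a file inside it).
# Arguments: <directory> <owner name or numeric uid>
# Output:    one line per finding, "<octal mode> <owner uid> <path>"
audit_property_files() {
    dir=$1
    owner=$2
    find "$dir" -type f -name '*.properties' \
        \( -perm /077 -o ! -user "$owner" \) \
        -exec stat -c '%a %u %n' {} +
    find "$dir" -type d -perm /022 \
        -exec stat -c '%a %u %n' {} +
}

# Restrict every property file under the directory to owner read/write.
# Other files are left untouched; ownership is not changed.
harden_property_files() {
    dir=$1
    find "$dir" -type f -name '*.properties' -exec chmod 600 {} +
}
```

Run the audit first and review its output before hardening; an empty result means no property file or directory under the given path is exposed beyond the expected owner.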