Password policy

Accessing passwords stored in your data source by querying the underlying database is not possible because of the encryption we apply on the passwords. For those of you that need to access passwords directly in the database, for example by a CRM system, we have created a way to achieve this.

Settings

The session information, which is an XML structure, is stored in the Data field of the Connections table in the underlying database.

However, getting the encrypted password from the database requires the Allow password for external system to be configured.

Enter an encryption key in the Key field. Once a key is provided it will cause the system to extract a copy of the password from our XML structure, this will then be re-encrypted using the Key you have provided and stored back into the UnsafePassword field of the Connections table.

Decryption Code

Use the following .net code to decrypt your passwords.

public static string Decrypt(string encryptedString, string key)
{
  if (string.IsNullOrEmpty(encryptedString))
  {
    return encryptedString;
  }
  try
  {
    TripleDESCryptoServiceProvider tripleDesCryptoServiceProvider = new TripleDESCryptoServiceProvider();
    MD5CryptoServiceProvider cryptoServiceProvider = new MD5CryptoServiceProvider();
    string strTempKey = key;
    byte[] byteHash = cryptoServiceProvider.ComputeHash(Encoding.ASCII.GetBytes(strTempKey));
    tripleDesCryptoServiceProvider.Key = byteHash;
    tripleDesCryptoServiceProvider.Mode = CipherMode.ECB;
    byte[] byteBuff = Convert.FromBase64String(encryptedString);
    string strDecrypted =
      Encoding.UTF8.GetString(
        tripleDesCryptoServiceProvider.CreateDecryptor().TransformFinalBlock(
          byteBuff, 0, byteBuff.Length));
    return strDecrypted;
  }
  catch (Exception)
  {
    return null;
  }
}

Settings