Generate Security Key File button description

1.1 Version 

1.2 Function introduction

All variable configuration information of the report is stored in the configuration database. The trial product uses the built-in HSQL database. The location is: %BI_HOME%\webapps\webroot\WEB-INF\embed\finedb , the official environment can be migrated to external In the configured database, a db.properties file is generated under /WEB-INF/config , which records the address, user name, password and other information of the configuration database.

Mainly in two aspects:

• Password encryption and decryption of the database in the db.properties file after migration

• Encryption and decryption of data connection password, email password, FanRuan pass password, etc. (excluding platform user password)

To enhance the security of the key, the logic of the root key is now optimized.

When FineBI is installed , check the "Generate Security Key File" button. After selection, 3 seed files will be randomly generated. When the project starts, the seed file is read, and a constant public and private key is generated according to the seed in the memory. At this time, the generated seed file is used for encryption and decryption. .

If the user has higher security requirements, this button can be checked. As shown below:

Note 1: In the Windows environment, when FineReport Designer is installed to C:\Program Files without write permission, to generate a security key, right-click the installation package and choose to run as administrator.

Note 2: For the method of configuring an external database, please refer to: Configuring an External Database

• Encryption If there is a new seed file, it is encrypted with the new key.

• Decryption If there is a new seed file, use the new key to decrypt, and if the decryption fails, use the old key to decrypt.

• It has no effect on customers who upgrade the JAR package. As long as the seed file is not manually placed, the old key is used for encryption and decryption.

• The newly installed exe of 2020-08-04 and later uses the key encryption password generated by the seed file, so the JAR package cannot be returned. After returning, only the old root key cannot be decrypted.