Summary
Question
To help get SSC database information without connecting to the database.
Answer
Access to the SSC host is required to get info of the SSC database server host, database name, database username and password found in <fortify_home>/.fortify/ssc/conf/datasource.properties file along with the bundled pwtool found with the SSC installation.
The datasource.properties contains the following information,
1. Info on database host, port and database name located in jdbc.url variable
eg
# JDBC URL
jdbc.url=jdbc:sqlserver://localhost:1433;database=SSC;sendStringParametersAsUnicode=false
2. Info on what type of database is running by reviewing the db.driver.class variable. In this example, it is using MS SQL Server which can be confirmed by looking for the JDBC jar file (as per the SSC system requirement guide) located under tomcat/lib directory.
eg
# JDBC driver class
db.driver.class=com.microsoft.sqlserver.jdbc.SQLServerDriver
3. The DB username and password
eg
# Database access username
db.username={fp0}myDO45XVKcucv7CtouMhRJW/Yi7z5ZLRAX6wo6AUZLg=
# Database access password
db.password={fp0}myDO45XVKcucv7CtouMhRJW/Yi7z5ZLRAX6wo6AUZLg=
To decrypt the db.username and db.password in the datasource.properties file, first get a copy of the pwtool which is located in the SSC installation directory.
eg
Fortify_SSC_Server_<ver>\Fortify_<ver>_Server_WAR_Tomcat\bin\pwtool
Run the following command to decrypt db.username and db.password in separate pwtool commands,
eg /path/pwtool -d <fortify_home>/.fortify/ssc/conf/secret.key
where the <fortify_home> is the user home directory that starts Tomcat.
When prompted for, "Enter encoded password:", copy and paste the value for db.username OR db.password including the prefix "{fp0}". The prompt will not display the pasted value and hit enter. This will show the username or password.
eg
Enter encoded password: {fp0}myDO45XVKcucv7CtouMhRJW/Yi7z5ZLRAX6wo6AUZLg=