1. Home
  2. Transact
  3. System Configuration
  4. Security Configuration
  5. Password Masking

Password Masking


This feature is responsible for masking the password fields across all the Ephesoft application UI. It covers UI fields like passwords used in plugin configuration, E-mail configuration, CMIS repository configuration etc. The values of the identified password fields will be encrypted upon persistence to database and these values will be masked from the UI.


Areas covered


Following plugins have been identified for consisting of password fields.

  1. CMIS Export
  2. DB Export
  3. File-Bound plugin
  4. Fuzzy-DB Extraction plugin

The password field in these plugins has been marked as “PASSWORD” field type and thus receives special treatment of encryption and masking.

Email import

Email accounts used to fetch input batches for processing contains passwords to the configured Email account. These account settings are used to provide authentication while reading mails from the configured account. The password field for all the accounts is now being encrypted and masked.

CMIS import

CMIS repositories configured for importing documents from repository contains password to the account to access the repository. The password field for all the accounts is now being encrypted and masked.


Configurable Properties

Following are the list of configurable properties for the above configuration:

Encryption properties

Upon Ephesoft server start-up, all the existing password fields will be encrypted based on the following properties added in the META-INF\dcma-encryption\ file.


Following steps are used for encrypting password fields on server start-up.

  1. If “password.encrypt” property is set to “true”, encryption of the fields takes place.
  2. The application then locates all the areas covered under password encryption.
  3. All the values of identified fields are then encrypted with Ephesoft’s in-house encryption algorithm based on password based encryption algorithm.
  4. The encrypted value is then appended with “password.encrypt_suffix” property value.
  5. Then these values are persisted in the database.
  6. After doing this activity once, we do not need the repeat of process on each server start up. Hence, after the encryption the value of “password.encrypt” will be updated to “false”.


Following steps are used for encrypting password fields post server start-up.

  1. After the encryption of values, if the user alters value of any such field, its value will be encrypted before persisting it in the database.



All the password fields will be masked

Steps of execution

  • Plug-in uses the regex pattern defined for each document type in document level fields.
  • It matches all the regex defined with each document level fields from batch.xml. If all the values of document level fields are matched with regex defined then that document’s “Valid” tag is set to true, otherwise it is set to false.
  • The documents that are valid do not need validation but those which are set as false for valid tag are to be validated during Validation.


Following are few common error messages seen due to mal-functioning of the plugin:


[table caption=”” width=”800″ colwidth=”20|100|50″ colalign=”left|left|center|left|right”]
S. No.,Error message,Possible root cause
1,Invalid initialization of field service.,No field type initialized in a document.
2,Invalid input pattern sequence.,Regex pattern is not supplied for required field.





Was this article helpful to you? Yes No