Question
Healthnet
US
Last activity: 13 Feb 2020 19:06 EST
Pega-Chat configuration: Passwords saved as plain text
Pega Chat application configuration files accepts passwords for the account in plain text ONLY. We understand that it was the limitation when we implemnted pega chat 7.4 in 2018. However, this practice is in non-compliance with our company standards. Please let us know if passwords in config files can be encypted in latest version of Pega-chat.
***Edited by Moderator Marissa to update platform capability tags; update SR Details****
Accepted Solution
Pegasystems Inc.
IN
Hi Bhanu, I don't think you'd find this fix available in 7.1.4. I would encourage you to upgrade to 7.4 or a later version. As David pointed out above, we have done a whole bunch of security enhancements to Chat in our upcoming 8.4 release. Upgrading to a more recent version would allow you the benefits of many other performance improvements done to the Chat infra and architecture.
Thank you!
Krishna
Pegasystems Inc.
US
Hi BhanuPratapV7929,
The plain text password was something that we've recently addressed for the Pega co-browse product, and Chat is next in line for receiving that change. We are on a tear on security related features for Chat at the moment, a lot of which will be announced in the next few weeks when the 8.4 versions of the platform and Customer Service releases are generally available. I don't recall whether this item (pretty small in the scheme of things) was on that security features list, or would be updated in 8.5, but I asked my Chat product owner to follow up on my response with a little more detail. He'll be doing that in the next few hours.
Thanks for the post!
David F.
Pegasystems Inc.
IN
Sorry I took a while to get around to adding a response here.
Update: Encryption of passwords in the configuration file is allowed in the latest Chat release. We have also back-ported this change to a few previous releases of the product. I would request you to create an SR to check if this fix is already available in your environment
Thank you for the post!
Krishna
Healthnet
US
Thank you for the response Krishna.
For all questions related to product, we are always being advised to create community post instead of a SR.
We are using chat version 7.1.4, will you be able to check and confirm if the password encryption is allowed?
- Bhanu
Accepted Solution
Pegasystems Inc.
IN
Hi Bhanu, I don't think you'd find this fix available in 7.1.4. I would encourage you to upgrade to 7.4 or a later version. As David pointed out above, we have done a whole bunch of security enhancements to Chat in our upcoming 8.4 release. Upgrading to a more recent version would allow you the benefits of many other performance improvements done to the Chat infra and architecture.
Thank you!
Krishna
Healthnet
US
Hello Krishna,
We have chat 7.4 version now. Where can I find documentation about encryption methods available for this version?
Regards,
Bhanu
Healthnet
US
Hello Krishna,
We have chat 7.4 version now. Where can I find documentation and/or examples about encryption methods available for this version?
Please note that the context of this thread is baout config.json file.
Regards,
Bhanu
Healthnet
US
Hello Krishna, @puttk
We have chat 7.4 version now. Where can I find documentation about encryption methods available for this version?
Please note that the context of this thread is about /ChatServer/server/config.json file.
Regards,
Bhanu
Healthnet
US
Hello Krishna/David,
We have chat 7.4 version now. Where can I find documentation about encryption methods available for this version?
Please note that the context of this thread is about /ChatServer/server/config.json file.
Regards,
Bhanu