Jedox integrated encryption

You can encrypt databases using hash algorithms. Plain text information will no longer be stored if a server installation is encrypted. An encrypted database cannot be decrypted at any time later.

You can turn on the integrated encryption in the palo.ini(see palo.ini.sample).

Windows encryption of database files

In addition to the steps described in Admin User Accounts under “Jedox Administrator account”, one could also add an additional step between steps 6 and 7. This step takes place at this point because the rights for the Jedox administrator will be reduced later in the process. In this step we turn on EFS encryption on data directory (EFS = Encrypting File System). (

Note: if the users are managed over Active Directory, AD, then a certificate must be stored on the AD server.  This has nothing to do with the key – the key will be generated upon activation of the encryption. If the keys cannot be managed by the AD server, a special certificate server is needed.

In Windows Explorer, select the C:\Jedox directory. Right-click and choose Properties from the context menu. Click the  Advanced… button and turn on “Encrypt contents to secure data”:

After clicking OK, all files in C:\Jedox\data are encrypted, particularly the file database_CUBE_0.csv of the System database with the users and passwords.

You can grant access to more users on specific files (e.g. palo.ini and palo.ini.sample) by adding them to the list of users who have transparent access to those files.

For more information on EFS, please consult:


After this step continue with step 7 of “Special Jedox administrator account“, described in the article Admin User Accounts. When all steps are done, the content of the directory C:\Jedox will only be accessible to the palorunner user and the administrator (Note: on Windows 2008 Server, only to the palorunner user).