Server configuration - Client Password encrypt

[epasinetti]

I need to create a server that must be accesible with username and password, I see in standard configuration file this section :

<!-- Allows username/password --> <ua:UserTokenPolicy> <ua:TokenType>UserName_1</ua:TokenType> <!-- passwords must be encrypted - this specifies what algorithm to use --> <!-- if no algorithm is specified, the active security policy is used --> <!-- <ua:SecurityPolicyUri>http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256</ua:SecurityPolicyUri> --> </ua:UserTokenPolicy>

What is the meaning of comments ? there is a sample that show how to encrypt password ?
Thank you

[mregen]

Hi @epasinetti, the configuration that you see only enables the UserAuth as per security profile.
Please check in the ReferenceServer how to implement the username/password or X509 Auth token support. A better solution than hardcoded users should be used in production.