JDEdwards application passwords

From: Stout, Bill (StoutB@PIONEER-STANDARD.COM)
Date: Mon May 03 1999 - 12:09:11 PDT

Next message: van Hauser: "anonymizing unix"

Previous message: David Adrian: "Re: *Huge* security hole in Oracle 8.0.5 with Intellegent agent"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Anyone have experience with JDEdwards applications(WorldVision/OneWorld)?

The user JDE password JDE is written into multiple places in config files,
and is typically installed with SECOFR priviledges for AS/400s (DB2), or
admin priviledges in NT/UNIX Oracle/SQLserver databases.  Changing the
password for user JDE breaks the application, since the password is coded
into multiple places, possibly compiled.  I've been told that it's not
trivial to tighten this properly, and typically is not done.

I can't believe this can't be configured securely.  Any experience with
this?

Bill Stout

Next message: van Hauser: "anonymizing unix"
Previous message: David Adrian: "Re: *Huge* security hole in Oracle 8.0.5 with Intellegent agent"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:44:43 PDT