Topic
  • 2 replies
  • Latest Post - ‏2012-12-23T14:18:44Z by PullMeOut
PullMeOut
PullMeOut
47 Posts

Pinned topic DP Displaying Password in Clear Text

‏2012-12-21T20:52:47Z |
Hermann,
Can you please throw some light on my below concern
When I am running SOMA script <dp:get-config class="SSHClientProfile"/> it is giving out all the SSH client profile details , I see it is even giving the password in clear text .Does generating password in clear text is not security concern ?
Updated on 2012-12-23T14:18:44Z at 2012-12-23T14:18:44Z by PullMeOut
  • HermannSW
    HermannSW
    4877 Posts

    Re: DP Displaying Password in Clear Text

    ‏2012-12-22T15:17:01Z  
    Hello,

    > Can you please throw some light on my below concern
    > When I am running SOMA script <dp:get-config class="SSHClientProfile"/> it is giving out all the SSH client profile details ,
    >
    that is OK.

    > I see it is even giving the password in clear text .Does generating password in clear text is not security concern ?
    >
    For Profile Usage SCC (Secure Cloud Connector) there is no password.
    I agree with you on your concern for SFTP.
    You should restrict access to the XML management in order to not reveal that infomation.

    You may want to raise a PMR on this, but I am not a security guy, I am a compiler guy.

     
    Hermann<myXsltBlog/> <myXsltTweets/>
  • PullMeOut
    PullMeOut
    47 Posts

    Re: DP Displaying Password in Clear Text

    ‏2012-12-23T14:18:44Z  
    • HermannSW
    • ‏2012-12-22T15:17:01Z
    Hello,

    > Can you please throw some light on my below concern
    > When I am running SOMA script <dp:get-config class="SSHClientProfile"/> it is giving out all the SSH client profile details ,
    >
    that is OK.

    > I see it is even giving the password in clear text .Does generating password in clear text is not security concern ?
    >
    For Profile Usage SCC (Secure Cloud Connector) there is no password.
    I agree with you on your concern for SFTP.
    You should restrict access to the XML management in order to not reveal that infomation.

    You may want to raise a PMR on this, but I am not a security guy, I am a compiler guy.

     
    Hermann<myXsltBlog/> <myXsltTweets/>
    Thanks a lot, i will talk with my security team on opening PMR.