IBM Support

IZ28489: PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES MAY APPEAR IN TRACE OUTPUT.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The connection string keywords Password/pwd and
    TrustedContextSystemPassword/Trusted Context System
    Password/tcspwd will have unmasked values appear in tracing
    output. Only TrustedContextSystemPassword and its variants will
    appear unmasked in full connection string tracing, but both
    keywords will have unmasked values appear when using
    DB2ConnectionStringBuilder. DB2ConnectionStringBuilder is used
    for all connections created through Visual Studio's Add
    Connection Dialog/wizard.
    Trace output should not be sent to third parties until this fix
    is applied.
    Password values associated with password-related connection
    string keywords appear unmasked in trace output.
    

Local fix

  • The only workaround is to not turn on tracing and/or to not
    send trace output to third parties.
    

Problem summary

  • ****************************************************************
    USERS AFFECTED:
    .NET clients (Windows platforms)
    ****************************************************************
    PROBLEM DESCRIPTION:
    Password values appear in tracing output of .NET clients.
    ****************************************************************
    RECOMMENDATION:
    Upgrade to DB2 v9.1 fixpack 6, and DB2 v9.5 fixpack 2, or
    later
    ****************************************************************
    

Problem conclusion

  • Passwords will no longer appear in .NET tracing output as of DB2
    v9.1 fixpack 6, and DB2 v9.5 fixpack 2.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IZ28489

  • Reported component name

    DB2 UDB ESE AIX

  • Reported component ID

    5765F4100

  • Reported release

    950

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-07-29

  • Closed date

    2008-10-23

  • Last modified date

    2008-10-23

  • APAR is sysrouted FROM one or more of the following:

    IZ23915

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 UDB ESE AIX

  • Fixed component ID

    5765F4100

Applicable component levels

  • R950 PSN

       UP

[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSEPGG","label":"Db2 for Linux, UNIX and Windows"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"950","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
23 October 2008