IBM Support

JR28314: SECURITY: THE PASSWORD USED TO CONNECT TO THE DATABASE CAN BE SEEN IN CLEAR TEXT FROM A MEMORY DUMP.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When a memory dump occurs the password used to connect to a
    database remains visible in clear text in memory; even after a
    number of SQL statements have been issued past the database
    connect point and until an application terminates.
    
    The ideal behavior should be that the password is no longer in
    memory as soon as the successful database connection has been
    established.
    

Local fix

Problem summary

  • When a memory dump occurs the password used to connect to a
    database remains visible in clear text in memory; even after a
    number of SQL statements have been issued past the database
    connect point and until an application terminates.
    
    The ideal behavior should be that the password is no longer in
    memory as soon as the successful database connection has been
    established.
    

Problem conclusion

  • First Fixed in v9.5 DB2 Fixpak 1
    

Temporary fix

Comments

APAR Information

  • APAR number

    JR28314

  • Reported component name

    DB2 UDB ESE WIN

  • Reported component ID

    5765F4101

  • Reported release

    950

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-01-16

  • Closed date

    2008-04-30

  • Last modified date

    2008-04-30

  • APAR is sysrouted FROM one or more of the following:

    JR27422

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DB2 UDB ESE WIN

  • Fixed component ID

    5765F4101

Applicable component levels

  • R950 PSY UP

       JR28314

  • R810 PSN

       UP

  • R820 PSN

       UP

  • R910 PSN

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSEPGG","label":"DB2 for Linux, UNIX and Windows"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"950","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]

Document Information

Modified date:
30 April 2008