Rick Cook wrote:
** Shows passwords where?
Rick
Sent from my Verizon Wireless BlackBerry
------------------------------------------------------------------------
*From*: Ian Trimnell
*Date*: Wed, 20 May 2009 13:32:04 +0100
*To*: <[email protected]>
*Subject*: Re: Security issue with 7.5
Lammey, Peter A. wrote:
**
Are your User accounts setup with specific passwords or are you
utilizing LDAP authentication?
Thanks
Peter Lammey
ESPN IT Client Architecture and Automation
860-766-4761
Peter,
We are using LDAP authentication and this issue shows passwords where
users are authenticated against our Active Directory server as well as
those 'local' users (non-AD accounts) whose passwords are stored in
the User form.
It is rather worrying, as our Partner has pointed out to BMC, if BMC
have used these functions on their own applications (ITSM et al). We
are custom built here and have only noticed this when we were
debugging our system as we plan to upgrade over the coming weekend.
Ian
Rick,
The passwords are shown in the clear in the worklog file; the one
defined in the Tools -> Options box under the Logging tab.
Sorry if I had not been specific enough.
Ian
------------------------------------------------------------------------
Ian Trimnell, AR System Lead Developer (amongst other jobs),
Specialist Support & Information Team, Academic & Administrative
Computing Service
Open University, MILTON KEYNES, UK
Phone: 01908 653741 web: http://www.open.ac.uk/
The Open University is incorporated by Royal Charter (RC 000391), an
exempt charity in England & Wales and a charity registered in Scotland
(SC 038302).
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
Platinum Sponsor:[email protected] ARSlist: "Where the Answers Are"
