Without looking, I think patch 007 of the 7.5 BMC Remedy User fixed a password-related issue. It should be in the release notes.
David Durling University of Georgia From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Thad Esser Sent: Friday, September 23, 2011 4:59 PM To: [email protected] Subject: Passwords in URLs ** Hi, I'm pretty sure there's no resolution to this, but I wanted to ask the list anyway. A user (using the user tool) recently noticed that his password is displayed in clear text on an error message (see the red box on the attached screenshot). He happened to be building a PDT for SRM at the time, but I've seen similar errors on other data visualization fields. We don't see enough of these errors for me to have ever fully chased it down, although now that its been brought up to the security team, it is probably going to become a priority. They say it will show up as clear text in the web logs as well. Does anyone have any suggestions on how to eliminate the issue, or explain it away? ARS 7.1 on AIX with Oracle 10g remote Midtier 7.5 p6 ITSM 7.0.3 p9 SRM 2.2 p4 Thanks, Thad _attend WWRUG11 www.wwrug.com<http://www.wwrug.com> ARSlist: "Where the Answers Are"_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
