David Encrypting the password is a useful step, but not a very useful step as essentially the password is still there and could be decrypted, and if one has a copy of the Mid Tier jar files, it's probably achievable in about 2 minutes. This would almost certainly fail a security audit.
The only way to solve this problem is to remove the passwords by implementing SSO. John -- SSO Plugin: Bringing BMC products together. http://www.javasystemsolutions.com/jss/ssoplugin _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug11 www.wwrug.com ARSList: "Where the Answers Are"
