At least YOU get to change your db password. I have to have a DBA come to my desk every xx days to change the password to some super-secret thing that I do not get to know. Just in case I would try to do something to my own system ya know.
From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Jason Miller Sent: Wednesday, March 13, 2013 9:16 AM To: [email protected] Subject: Re: Mid Tier administration password ** Great, now we have to change our production db password. Thanks for publishing it! On Mar 13, 2013 2:06 AM, "John Baker" <[email protected]<mailto:[email protected]>> wrote: Steve: It is difficult to compare a decade-old open-source enterprise-wide solution (ie Atrium/OpenSSO), that is not well integrated with AR System, with a modern solution built for AR System that sits neatly in Mid Tier and is well supported/respected by BMC customers/partners. :) Matt's found a very nice video and it only goes to highlight the importance of protecting against brute-force attacks, such as automatically locking accounts in AR System after a number of failed login attempts. And of course, changing the default AR#Admin# database password. Joe: An alternative mechanism of integrating Mid Tier and AR System would be to use SSL client certificates. This is how the HP Service Manager web application is integrated with the SM server side application (ie ARS in this world). The down side of this approach is the complexity: SSL client certs is far more complicated to configure than simply entering a password. John _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org<http://www.arslist.org> "Where the Answers Are, and have been for 20 years" _ARSlist: "Where the Answers Are" and have been for 20 years_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
