File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes EJB and other Java EE Technologies and the fly likes Weblogic userid/pasword is seen. How to avoid it ? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "Weblogic userid/pasword is seen. How to avoid it ?" Watch "Weblogic userid/pasword is seen. How to avoid it ?" New topic
Author

Weblogic userid/pasword is seen. How to avoid it ?

Doshi Milan
Ranch Hand

Joined: May 29, 2001
Posts: 112
Hello friends,
We are currently working on maintainance of a huge project wherein we are using Weblogic 5.1.Weblogic 5.1 stores userid and passwords for administrative functions in clear text on disk. As a result, machines in a weblogic cluster could be improperly administered or disabled. Weblogic components could be improperly deployed.
Hence If we want to avoid this scenario what should we do?
All suggestions \ options would be greatly appreciated.
Thanks in advance,
Regards,
Milan
Dave Landers
Ranch Hand

Joined: Jul 24, 2002
Posts: 401
You could upgrade to 6.1 or 7.0, which encrypt passwords stored in config files on disk.
Doshi Milan
Ranch Hand

Joined: May 29, 2001
Posts: 112
Thanks Dave ,
Thats quite obvious and the right choice.However my probelem is that this existing project ( which was made around 18 months back ) is on WebLogic 5.1 and the client is not yet keen to shift over to higher version. No doubt we are also persuading him but in the meantime can we have any solution to this?
You have also specified that I should lock down the access to the disk. Can you pelase ellaborate on that. Honestly I could not comprehend much out of it.
Thanks and regards,
Milan Doshi
[ August 28, 2002: Message edited by: Doshi Milan ]
Dave Landers
Ranch Hand

Joined: Jul 24, 2002
Posts: 401
By "lock down the disk", I mean use your Operating System features to deny access to that disk or the file for users that should not have access.
For example, on unix you would probably make a wlsadmin group and chgrp all the server files to that group. Then chmod u-rwx the files to deny access to anyone not in that group. Add only the users that need access to that group.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Weblogic userid/pasword is seen. How to avoid it ?
 
Similar Threads
servers compatable with weblogic
cloudscape
Page Caching...
Weblogic 5.1 userid/pasword
weblogic for win98