Hello friends, We are currently working on maintenance of a huge project wherein we are using Weblogic 5.1. Weblogic 5.1 stores userid and passwords for administrative functions in clear text on disk. As a result, machines in a weblogic cluster could be improperly administered or disabled. Weblogic components could be improperly deployed. Hence, if we want to avoid this scenario, what should we do? All suggestions / options would be greatly appreciated. Thanks in advance, Regards, Milan
You could upgrade to 6.1 or 7.0, which encrypt passwords stored in config files on disk.
Thanks Dave, That's quite obvious and the right choice. However, my problem is that this existing project (which was made around 18 months back) is on WebLogic 5.1 and the client is not yet keen to shift over to a higher version. No doubt we are also persuading him, but in the meantime can we have any solution to this? You have also specified that I should lock down the access to the disk. Can you please elaborate on that? Honestly I could not comprehend much out of it. Thanks and regards, Milan Doshi [ August 28, 2002: Message edited by: Doshi Milan ]
By "lock down the disk", I mean use your Operating System features to deny access to that disk or the file for users that should not have access. For example, on Unix you would probably make a wlsadmin group and chgrp all the server files to that group. Then chmod u-rwx the files to deny access to anyone not in that group. Add only the users that need access to that group.
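
An added example, not part of any post in this thread: a small script that applies the group-based lock-down described above and then audits the result. It assumes the admin group already exists, takes the server directory and group name as arguments (both are assumptions, nothing here is WebLogic-specific), and removes access for the "other" permission class with `chmod o-rwx`.

```shell
#!/bin/sh
# Added example: restrict a server directory holding clear-text credentials
# to one admin group, then verify that nothing is left exposed.
# Usage: lockdown.sh SERVER_DIR GROUP  (both values are supplied by the operator)

# lock_down DIR GROUP
# Hand every file to GROUP and strip all permissions from users outside it.
lock_down() {
    dir=$1
    grp=$2
    chgrp -R "$grp" "$dir" || return 1
    # o-rwx: users who are neither the owner nor in GROUP get no access at all.
    chmod -R o-rwx "$dir" || return 1
    # setgid on directories so files created later inherit GROUP instead of
    # the creating user's primary group.
    find "$dir" -type d -exec chmod g+s {} + || return 1
}

# audit DIR GROUP
# Print every path that is still accessible to "other" (any of r, w, x)
# or that does not belong to GROUP. Empty output means the tree is locked down.
# Symlinks are skipped because their own mode bits are not enforced.
audit() {
    find "$1" ! -type l \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 -o ! -group "$2" \) \
        -print
}

# Run both steps when called with a directory and a group name.
if [ $# -eq 2 ]; then
    lock_down "$1" "$2" || exit 1
    leftover=$(audit "$1" "$2")
    if [ -n "$leftover" ]; then
        echo "still exposed:" >&2
        echo "$leftover" >&2
        exit 1
    fi
    echo "locked down: $1 (group $2)"
fi
```

Re-running `audit` from cron or a configuration-management check catches files that a later deployment drops into the tree with default world-readable permissions.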