
Weblogic userid/password is seen. How to avoid it?

 
Doshi Milan
Ranch Hand
Posts: 112
Hello friends,
We are currently working on maintenance of a huge project wherein we are using Weblogic 5.1. Weblogic 5.1 stores userid and passwords for administrative functions in clear text on disk. As a result, machines in a weblogic cluster could be improperly administered or disabled. Weblogic components could be improperly deployed.
Hence, if we want to avoid this scenario, what should we do?
All suggestions / options would be greatly appreciated.
Thanks in advance,
Regards,
Milan
 
Dave Landers
Ranch Hand
Posts: 401
You could upgrade to 6.1 or 7.0, which encrypt passwords stored in config files on disk.
 
Doshi Milan
Ranch Hand
Posts: 112
Thanks Dave,
That's quite obvious and the right choice. However, my problem is that this existing project (which was made around 18 months back) is on WebLogic 5.1 and the client is not yet keen to shift over to a higher version. No doubt we are also persuading him, but in the meantime can we have any solution to this?
You have also specified that I should lock down the access to the disk. Can you please elaborate on that? Honestly, I could not comprehend much out of it.
Thanks and regards,
Milan Doshi
[ August 28, 2002: Message edited by: Doshi Milan ]
 
Dave Landers
Ranch Hand
Posts: 401
By "lock down the disk", I mean use your Operating System features to deny access to that disk or the file for users that should not have access.
For example, on unix you would probably make a wlsadmin group and chgrp all the server files to that group. Then chmod u-rwx the files to deny access to anyone not in that group. Add only the users that need access to that group.
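
The steps from the reply above as a shell script, added here as an illustration and not part of the original thread. It changes the group, clears the permission bits for "other" (o-rwx), and adds an audit that lists anything still reachable from outside the group; the groupadd/usermod commands assume Linux, and the script name and path are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. One-time setup on Linux, as root:
#   groupadd wlsadmin
#   usermod -a -G wlsadmin <admin-user>   # repeat only for users who need access
# Then run: sh lockdown.sh /path/to/weblogic wlsadmin   (placeholder name and path)

# lock_down DIR GROUP: hand the tree to GROUP and remove all access for "other".
lock_down() {
    chgrp -R "$2" "$1" || return 1
    # Clear read/write/execute for anyone who is neither the owner nor in GROUP.
    chmod -R o-rwx "$1" || return 1
    # setgid on directories so files created later inherit GROUP
    # (an addition to the steps in the thread).
    find "$1" -type d -exec chmod g+s {} +
}

# audit DIR GROUP: print each path that "other" can still access or that is
# not in GROUP. Empty output means the tree is locked down.
audit() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 -o ! -group "$2" \) -print
}

# Only act when called with a directory and a group.
if [ "$#" -eq 2 ]; then
    lock_down "$1" "$2" && audit "$1" "$2"
fi
```

Re-running audit from cron or a deployment check catches files that were later copied in with looser permissions.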
 