• Industries
  • Products
  • Buy
  • Services & Support
  • Communities
    • Discussion Groups
    Idea Options
    4 Kudos

    please take a look at security

    Status: Under Review
    by grzjoh48 on ‎09-20-2012 02:09 AM

    of default passwords

    sa

    autodeskvault

    vaultsys

     

    all default passwords and in cleartext in web.conf

    Status: Under Review
    Labels:
    Comments
    by Board Manager ihayesjr on ‎09-20-2012 09:40 AM
    Options
    Status changed to: Comments Requested
    Thank you for posting this idea. The SA password is not stored in the web.config file. If it is not the default, the console will prompt for the correct password.
    by Board Manager ihayesjr on ‎09-20-2012 09:40 AM
    Options
    Status changed to: Under Review
     
    by grzjoh48 on ‎09-20-2012 09:27 PM
    Options

    hi irvin,

     

    yeah, but vaultsys who is sysadmin on the sql server is in the webconfig.

    br

    hannes

     

    by clastrilla on ‎04-25-2013 10:09 PM
    Options

    There is also an issue when using non-default SA passwords and using a backup script (connectivity.ADMSconsole). The SA password is exposed in the backup script in plain text - which is a security issue.

    Announcements
    IdeaStation Guidelines
    Review guidelines and best practices
    before posting a new idea
    Top Kudoed Authors
    User Kudos Count
    13
    7
    6
    6
    5
    View All