Thank you for posting this idea. The SA password is not stored in the web.config file. If it is not the default, the console will prompt for the correct password.
There is also an issue when using non-default SA passwords and using a backup script (connectivity.ADMSconsole). The SA password is exposed in the backup script in plain text - which is a security issue.
We need a method to address many companies’ corporate security policies for the MS SQL account passwords used by Vault. Currently the published passwords and locations for the MS SQL Accounts for "sa" and "VaultSys" are creating security compliancy issues because the passwords are available in “clear text” either within the command line script files for processes like a Vault backup, or in the Web configuration files that use the “VaultSys” account.
To address the “sa” password there are several workflows available ranging from using 3rd party backup tools for the Vault to creating encrypted script files.
However, there do not seem to be any workflows to address the need for encrypting the password required for the “VaultSys” account. The "VaultSys" account password can be changed using SQL Server Management Studio; however, it must also then be changed in the Web.config file, which results in the password being stored in “clear text” and violates the companies' security policies.
What is needed is a simple (cost-effective) method for Vault and MS SQL Administrators to establish secure passwords for these MS SQL accounts that are not stored or used in any “clear text” format. Ideally the unique passwords could be established during the initial installation of the Vault Server and then managed through the ADMS console or through a separate Vault utility.
We have exactly this problem; it's not acceptable in our security standards to have clear text passwords in config files, whatever the file security settings. I would like to add my vote that this needs to be updated. I am having to report a non-compliant application in our documentation even though the system has just been installed. I logged a ticket and was asked to post here.
If you look at the web.config, all passwords are written in clear text. This is a potential security risk, as if anyone breaks into the server and gets a hold of this file, they can potentially extract data out of the Vault with these accounts. We have a few add-ins for Vault that have an encryption algorithm to read the passwords from the configuration file instead of having them in clear text, so I know it is possible.