Vault IdeaStation
Share your wish list directly with the Autodesk Vault Development Team
6 Kudos
grzjoh48

please take a look at security

Status: Comments Requested
by grzjoh48 on ‎09-20-2012 02:09 AM

of default passwords

sa

autodeskvault

vaultsys

 

all default passwords and in cleartext in web.conf

Comments
by Board Manager on ‎09-20-2012 09:40 AM
Status changed to: Accepted
Thank you for posting this idea. The SA password is not stored in the web.config file. If it is not the default, the console will prompt for the correct password.
by Board Manager on ‎09-20-2012 09:40 AM
Status changed to: Under Review
 
by grzjoh48 on ‎09-20-2012 09:27 PM

hi irvin,

 

yeah, but vaultsys who is sysadmin on the sql server is in the webconfig.

br

hannes

 

by Active Contributor clastrilla on ‎04-25-2013 10:09 PM

There is also an issue when using non-default SA passwords and using a backup script (connectivity.ADMSconsole). The SA password is exposed in the backup script in plain text - which is a security issue.

by Board Manager on ‎01-28-2014 07:51 AM
Status changed to: Comments Requested
 
Submit Your Ideas

Share and shape product ideas.

New Idea
You are not logged in.

Log into access your profile, ask and answer questions, share ideas and more. Haven't signed up yet? Register

Announcements
IdeaStation Guidelines
Review guidelines and best practices
before posting a new idea
Top Kudoed Authors