 |
|||||
|
As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only. Join the TIBCO Community
Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community. | |||||
Read-Only TopicGo | Search | Notify | Tools |
| [SOLVED] &IBIC_pass Exposed | Login/Join |
| Silver Member |
Hi, Can anybody please explain to me why my &IBIC_pass variable is exposed? I'm using LDAP security (Trusted) and when I type -TYPE &IBIC_passit shows me the user's LDAP password. This is happening in my DEV environment but not in production. For the life of me I can't seem to locate the config difference between the two that would allow this behavior. Many thanks!  This message has been edited. Last edited by: Yazster, WebFOCUS 8.201M Windows, Linux, All Outputs | ||
|
| Virtuoso |
WF Admin Console -> Configuration -> Custom Settings. Take out the line for &IBIC_pass and save. Check setting for both environments. 8.2.02M (production), 8.2.02M (test), Windows 10, all outputs. | |||
|
| Silver Member |
Thanks for that, seems to have done the trick. Oddly enough though, both environments have the same custom settings, and yet my production environment doesn't expose the passwords... Guessing there's another setting somewhere... <SET> IBIMR_user(PASS) <SET> IBIMR_pass(PASS) <SET> IBIC_user(PASS) <SET> IBIC_pass(PASS) WebFOCUS 8.201M Windows, Linux, All Outputs | |||
|
| Guru |
Is both your DEV and Prod on 8.1.4? Just curious. I tested it on 8.00.8 and it does not expose the password. I do have an 8.1.4 environment, but I haven't tested it. WebFOCUS 8.1.05 | |||
|
| Silver Member |
Yes both are 8.104. I had the settings previously on 8.008 and all worked fine, no passwords were exposed. After upgrading both environments, passwords were exposed in my dev environment. No changes (to my knowledge) were made to either environment. WebFOCUS 8.201M Windows, Linux, All Outputs | |||
|
| Guru |
I tried it in my 8.1.4 environment, but I am not seeing it, in fact I am getting prompted or getting an error that it can't find the value, depending on where I am running it from, either MRE or RS. I kind of wonder why you would have We use LDAP along with SiteMinder, so anything I want to pass from LDAP, I have our LDAP admin throw it into the SM_HEADER to secure it properly. Otherwise you could have some spoofing. By any means I am no expert. -SET &ECHO='ALL'; -TYPE &IBIC_pass TABLE FILE CAR PRINT COUNTRY END -RUN WebFOCUS 8.1.05 | |||
|
| Silver Member |
The IBIMR_pass (PASS) statement was added by an IBI consultant when they created an initial application for us. Not really sure if/why it is required. Removing the &IBIC_pass from the Custom Settings seems to have resolved the issue. This doesn't seem to have impacted anything negatively, I suppose time will tell Thanks for your help guys, much appreciated! WebFOCUS 8.201M Windows, Linux, All Outputs | |||
|
| Powered by Social Strata |
 | Please Wait. Your request is being processed... |
Read-Only TopicCopyright © 1996-2020 Information Builders
| View $GS_USERNAME's Public Profile |
| Add $GS_USERNAME to my Ignore List |
| View Recent Posts by $GS_USERNAME |
| Notify me of New Posts by $GS_USERNAME |