Credentials stored in DB? How to hide Credentials option? - 12.1 Web Viewer
Article ID: 227635
Updated On:
Products
Issue/Introduction
We are currently running 12.1 on our production systems. On the Configuration/Credentials screen where it shows Default credentials for all repositories, and then Individual credentials for each repository.
1) Are these accurate values? Is OMWV storing userid and associated password information in the database? Is this a security exposure?
2) Is OMWV making a SAF call to confirm the user password, or is it being retrieved from the database if it's being stored.
3) I updated the configuration settings and checked "hide credentials" and logged off and back on, but still see the credentials.
Environment
Release : 12.1
Component : CA OUTPUT MANAGEMENT WEB VIEWER FOR ALL PLATFORMS
Resolution
1) Yes and No. Yes, Web Viewer will store certain credential information in its external DB. No there is no security risk as all passwords are stored encrypted or hashed.
2) No, Web Viewer is not making SAF calls at signon. Such calls (from Top Secret, ACF2 and RACF) are made from DRAS and mostly CA View during Web Viewer signons and whilst accessing a other repositories which require different credentials. In other words, whenever the user is prompted for a password, a security call is made from the mainframe cooperative processing components..
3) The credentials option has to be administered from the Roles. Administration tab - Role - select the role (Default User?) - Configuration Tab Elements - Select Credentials and then click the Update button. Now when someone logs in with the role you just changed, they should no longer have the Credentials option under the Configuration tab. This cannot be a globally configured option. It has to be based on the role.
Feedback
