Date: Mon, 3 May 1999 15:09:11 -0400
From: "Stout, Bill" <StoutB@PIONEER-STANDARD.COM>
To: BUGTRAQ@netspace.org
Subject: JDEdwards application passwords


Anyone have experience with JDEdwards applications(WorldVision/OneWorld)?

The user JDE password JDE is written into multiple places in config files,
and is typically installed with SECOFR priviledges for AS/400s (DB2), or
admin priviledges in NT/UNIX Oracle/SQLserver databases.  Changing the
password for user JDE breaks the application, since the password is coded
into multiple places, possibly compiled.  I've been told that it's not
trivial to tighten this properly, and typically is not done.

I can't believe this can't be configured securely.  Any experience with
this?

Bill Stout