You're funny Jason :-)

 

I recall many years ago, when I was fairly new to Remedy, I was at a site,
and waiting on an MS-SQL system administrator for the sa password for
something (not an install or upgrade but just to log in as sa to do something
on the server), and could not get in touch with that person, so for fun I
attempted to log in to that DB (which was a standalone DB for the AR
Server) with sa and a blank password, and it went right in! And I later found
out that many of the SQL servers on their network had blank
passwords for sa :-)

 

When I brought it to their attention, they had no idea these were
unprotected. They had several other network logins into these servers that
they had forgotten about the sa login.

 

Joe

 

  _____  

From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller
Sent: Wednesday, March 13, 2013 10:16 AM
To: arslist@ARSLIST.ORG
Subject: Re: Mid Tier administration password

 


Great, now we have to change our production db password. Thanks for
publishing it!

On Mar 13, 2013 2:06 AM, "John Baker" <jba...@javasystemsolutions.com>
wrote:

Steve: It is difficult to compare a decade-old open-source enterprise-wide
solution (i.e. Atrium/OpenSSO), that is not well integrated with AR System,
with a modern solution built for AR System that sits neatly in Mid Tier and
is well supported/respected by BMC customers/partners. :)

Matt's found a very nice video and it only goes to highlight the importance
of protecting against brute-force attacks, such as automatically locking
accounts in AR System after a number of failed login attempts. And of
course, changing the default AR#Admin# database password.

Joe: An alternative mechanism of integrating Mid Tier and AR System would be
to use SSL client certificates. This is how the HP Service Manager web
application is integrated with the SM server side application (i.e. ARS in
this world). The downside of this approach is the complexity: SSL client
certs are far more complicated to configure than simply entering a password.


John 


_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"
