Hi,
We were carrying out penetration tests on our network and as I logged into datastage the IP packet was captured. In this packet was both the username and password in clear text.
We are not currently using SSL, as we did a default install of InfoSphere and this is without SSL enabled.
I've checked the documentation for enabling SSL and the implementation documentation specifies that there is a degredation in performance when SSL is enabled, however it does not specify to what extent.
So is there anyway to ecrypt the password that is used to log in to datastage without enabling SSL. If not are there any pit falls I should be aware of if I enable SSL.
Thanks
Datastage Log in Password Encryption
Moderators: chulett, rschirm, roy
-
- Premium Member
- Posts: 57
- Joined: Tue Jun 30, 2009 9:38 am
If unix encrypts it, how will DataStage know what the actual password is? The only way the login password can be encrypted is if the DataStage login process has the functionality to do so, which I haven't heard of (and would have thought it was the default).
Would say though that should your network be breached I'm sure your work will have more problems than worrying about DataStage passwords being captured (or are you navigating the internet to log in?)
Would say though that should your network be breached I'm sure your work will have more problems than worrying about DataStage passwords being captured (or are you navigating the internet to log in?)