BSI 10 using plain text files for userid/passwords??

 1 Replies
 1 Subscribed to this topic
 27 Subscribed to this forum
Sort:
Author
Messages
Chris
Basic Member
Posts: 8
Basic Member

    We went live with BSI10 in December due to the requirement that BSI9 was no longer supported - like most everyone else.  We have dealt with the quirks/issues that have risen, and so far are not too much worse for the wear.  Today when I was looking through the files I noticed a option file that is stored for each environment you have configured and noticed that within the file BSI stores the DSN that is setup for the environment along with plain text user ID and password to the database.  Is it just me or is this not only a lack of secure practices but just a very outdated approach to managing sensitive account information?  I'm a little concerned that anyone who has access to the server could acquire the credentials to our database(s) just by perusing the minimal files that are on the system.  

    Thoughts?
    -Chris

    John Henley
    Posts: 3353
      There is an option to use windows integrated security which eliminates storing the password.
      Thanks for using the LawsonGuru.com forums!
      John