A basic security problem occurs because the AEENV file is an ASCII text file that contains DBMS ID and password information. To run a transaction, a user must have permission to read the AEENV file that associates trancodes, load modules, and DBMS connect information. When users have access to this file, they can also browse the file, read the DBMS ID and password, and connect to the database using generic utilities to query and manipulate the database, unrestricted by the generated application's data integrity and security processing.
One solution to this problem uses a standard UNIX and Linux file access capability that grants a user the file access privileges of another user only while running a program the other user owns. Specific users can use CA Gen applications while preserving database ID and password information security.
|
Copyright © 2015 CA Technologies.
All rights reserved.
|
|