AnsweredAssumed Answered

SDM Login security question

Question asked by cdtj Champion on Jan 14, 2016
Latest reply on Jan 15, 2016 by cdtj

Hello team,

 

we running SDM 12.7 and we have shared access to SDM to specified contractors over internet,

so I'm worry is there any protection against brute force (password enumeration)?

Also SDM have different AHD errors for invalid login and invalid password, this makes bruteforcing much easier for malefactor.

 

Another question is Web Services (AXIS), where is a lot of data published in free access and could be potential security leak.

For example here:

http://<SDM>:<TOMCAT PORT>/axis/happyaxis.jsp

 

Regards,

cdtj

Outcomes