Removing Credentials from a Cloned EBS Database

Hello Everyone!!!

One of the essential duty of Apps DBA is to protect the system from both external and internal threats. When you clone the environment and leave the cloned system to developer for development, you gotta make sure you have cleared the credentials before handing over to external folks.

If you look at the links, you will come to know how easy it is to get the passwords of application users if they have access the applications database or appltop.
To protect the system you should make sure all the passwords are cleaned before handed over to the dev userbase.

http://johanlouwers.blogspot.com/2006/12/oracle-applications-passwords.html
http://awads.net/wp/2006/12/12/oracle-e-business-suite-vulnerability-users-passwords-decrypted/

Here, you have the metalink Note 419475.1 to follow to make the system with new passwords.

1. Step 1 - Clear all credentials
2. Step 2 - Re-establish basic accounts (for runtime:
SYS,SYSTEM,APPLSYSPUB,APPLSYS,APPS + GUEST,SYSADMIN)
3. Step 3 - Prepare scripts for setting additional passwords
4. Step 4 - Assign new passwords to all database users not managed with EBS
5. Step 5 - Assign new passwords to all database users managed with EBS
6. Optional addition steps

Note 419475.1 is for novice and you have been given clear scripts to do all the steps.

Hope this helps you to manage the APPS system in a better way.!!

Happy Learning!!!

5 comments:

Suresh Lakshmanan said...

In fact this link gives you better way to find the passwords

http://521102yz.itpub.net/post/5095/84876

so, do the steps mentioned in the note to avoid the password exposures.

Anonymous said...

Hi suresh,

How are you?Im fine and doing good here....

I need one favour from you.

Cloning document for R12 in windows server 2003 ent edition.

thanks
sundar

Suresh Lakshmanan said...

Hi Sundaravel,

Sorry for the delay in response. your mail got burried in bunch of mails.
Here is the metalink note for R12 clone. note 406982.1.

Thanks
Suresh

Raj over mail said...

Hi Suresh,

I have gone through your blog and it is really impressive. I need your help. I have 3 node Production environment (DB Tier+Conc/Admin+Forms/Web). Non-Production also has the same envionment. Every day we need to clone from Production to Non-production. We wanted to automate the complete cloning process (just execute ONE SINGLE SHELL script) i.e, Pre-clone, Copy portion, Confiture target & post cloning steps. Do you have any procedure with you. If so please let me know.

Thanks & Regards

Raj

Suresh Lakshmanan said...

Hi Raj,

Enable SSH/RSH between the owner of db and midtiers, you should be able to run the preclone.pl config scripts. Standard oracle cloning scripts are almost automated. scripts vary environment to environment and version to version.

Suresh