R12: No passwords in flat files!!

Its been quite long time since I have blogged. I am back to R12 posts...but back to 11i from R12( ...I meant my job presently is in 11i !!!). I am working for the biggest Oracle 11i Ebiz project with 4 node RAC with 10 internal and 10 external mid-tiers will DR setup of same 20 mid-tiers with 4 node RAC. On top of that having multiple testing beta servers makes the project complicated.

Coming back to R12, I am going to touch the issues that we have with 11i in terms of security and how R12 tackles.

In 11i you might have seen couple of files had apps password without encrypted form.

• iAS_TOP/Apache/modplsql/cfg/wdbsvr.app
• ORACLE_HOME/reports60/server/CGIcmd.dat

In R12 you won't see these files anymore. Modplsql module got removed and you won't be seeing the files with apps password.

One of the file($INST_TOP/ora/10.1.3/j2ee/oafm/config/mapViewerConfig.xml) will be having mapviewer schema password in encrypted form. Whenever you change the mapviewer schema password, you need to change the password in this file(with ! mark infront of password) and next oafm OC4J start will encrypt this the password in this file..


So, guess what!, its time to upgrade the 11i systems to R12!!!
Posted by Suresh Lakshmanan at 11:06 PM

2 comments:

Unknown said...

hi suresh i am venkatesh .i completed my oracle apps dba course and right know am in job hunt.could u please guide me.
my mail id bvenkatesh2007@gmail.com

August 1, 2012 at 3:08 PM
Neeraj Singh said...

Hi Venkatesh,
The webdbsrv.app file is not used in R12. You can find the passwords in the file $CONTEXT_FILE which is located in the $APPL_TOP/admon/ file.

Thanks
Neeraj Singh

August 19, 2012 at 3:08 PM

Post a Comment

Subscribe to: Post Comments (Atom)