Announcement

Collapse
No announcement yet.

How to restrict users accessing DB through SQL BackDoor?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to restrict users accessing DB through SQL BackDoor?

    Dear Pals,

    Could any pls tell me, how to restrict users to use Diag & utility servlets available in OTM? For Ex: SQL backDoor.

    Thanks & Regards,
    Lakshman
    Cheers,
    Murthy

  • #2
    Re: How to restrict users accessing DB through SQL BackDoor?

    I believe anyone who isn't an admin doesn't have access to this servlet. The only other option is to delete it from the glogserver.jar file. This is unspported and you would have to do this every time you installed a patch/rollup update.
    If my post was helpful please click on the Thanks! button

    MavenWire Hosting Admin
    15 years of OTM experience

    Comment


    • #3
      Re: How to restrict users accessing DB through SQL BackDoor?

      Dear Nick,

      Thanks a lot for the information.

      Regards,
      Lakshman
      Cheers,
      Murthy

      Comment


      • #4
        Re: How to restrict users accessing DB through SQL BackDoor?

        You can also disable some servlets (like the SqlServlet) via properties added to glog.properties. Unfortunately, I don't remember the syntax. I'll look it up and post it as soon as I find it.

        Comment


        • #5
          Re: How to restrict users accessing DB through SQL BackDoor?

          Dear Chris,

          I was expecting that there will be some properties. Thanks for the confirmation. Could you post these as and when you get the details.

          Thanks & Regards,
          Lakshman
          Cheers,
          Murthy

          Comment


          • #6
            Re: How to restrict users accessing DB through SQL BackDoor?

            There isn't property for the SQL Servlet in the glog properties. The jar file does not have to be modified. The SQL Servlet can be disabled by removing the Servlet name and mapping from the web.xml file which resides on the Web server.

            Comment


            • #7
              Re: How to restrict users accessing DB through SQL BackDoor?

              That's right. Either you enable each servlet for entire instance or disable it completely.
              Please refer to Metalink Note 850970.1
              --
              Joseph Liang
              MavenWire APAC
              http://www.mavenwire.com/

              Comment


              • #8
                Re: How to restrict users accessing DB through SQL BackDoor?

                Just a quick note - when you apply OTM patches (CUs and RUs) - it'll overwrite the possible that it will overwrite the glogserver.jar file and sometimes will also overwrite web.xml. As a result, you should keep a backup of this file and then re-modify the new file post-patch.

                Make sure you modify the new file, as it may contain additional servlet definitions, which were added by the patch.

                --Chris

                Comment

                Working...
                X