|
| XAL - Sarbanes Oxley Compliant |
 |
Tue, 19 Feb 2008 06:32:00 -080 |
When XAL and SQL installation is first set up, it is given a user name and
password which allows ODBC connections to the SQL database. For our customers
this is normally 'xal_supervisor' and is never changed. However for SOX
compliance this means if any user knows the password they can direct access
the SQL database and affect the data without going through the application.
This obviously is not good.
Is their any issues in changing this user name and password ? Have any knock
on effects? where would this be done about ?
--
|
| Post Reply
|
| Re: XAL - Sarbanes Oxley Compliant |
 |
Wed, 20 Feb 2008 04:17:01 -080 |
Hi Henrick, thanks for this. How would this 'SQL-login' script be chnaged ?
when i run this script from the Run/XAL option and select the option password
nothing happens. Where is this login script called from?
the code
'#Case ('PASSWORD')
PROCESS #PROC_USER 'MODE=OPASSWORD'
This is what gets called when selecting option password- would it be here
where password would be set or changed and any hints on the code.
I'm just looking to see where I can change or set the password and how this
can be tested.
thanks again
alan.
--
alan
"Henrik Hansen [MSFT]" wrote:
> Hello Allan,
>
> You can hide the password for the database user.
> Using the XAL script SQL-Login.XAL you can can set/change the password for
> the database user, when SQL authentication is used.
> This way the password is not exposed to the users of the system.
>
> --
> Best Regards
> Henrik Hansen [MSFT]
> Tecnical Program Manager Microsoft Dynamics C5 & Microsoft XAL
> =====================================================
> When responding to posts, please "Reply to Group" via
> your newsreader so that others may learn and benefit
> from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers
no rights.
>
> "alan" <alan@discussions.microsoft.com> wrote in message
> news:76C9515E-E8E5-4006-AF24-CE57FF397CA9@microsoft.com...
> > When XAL and SQL installation is first set up, it is given a user name
and
> > password which allows ODBC connections to the SQL database. For our
> > customers
> > this is normally 'xal_supervisor' and is never changed. However for
SOX
> > compliance this means if any user knows the password they can direct
> > access
> > the SQL database and affect the data without going through the
> > application.
> > This obviously is not good.
> > Is their any issues in changing this user name and password ? Have any
> > knock
> > on effects? where would this be done about ?
> > --
> > alan
|
| Post Reply
|
| Re: XAL - Sarbanes Oxley Compliant |
 |
Wed, 20 Feb 2008 07:05:28 +010 |
Hello Allan,
You can hide the password for the database user.
Using the XAL script SQL-Login.XAL you can can set/change the password for
the database user, when SQL authentication is used.
This way the password is not exposed to the users of the system.
--
Best Regards
Henrik Hansen [MSFT]
Tecnical Program Manager Microsoft Dynamics C5 & Microsoft XAL
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
"alan" <alan@discussions.microsoft.com> wrote in message
news:76C9515E-E8E5-4006-AF24-CE57FF397CA9@microsoft.com...
> When XAL and SQL installation is first set up, it is given a user name and
> password which allows ODBC connections to the SQL database. For our
> customers
> this is normally 'xal_supervisor' and is never changed. However for SOX
> compliance this means if any user knows the password they can direct
> access
> the SQL database and affect the data without going through the
> application.
> This obviously is not good.
> Is their any issues in changing this user name and password ? Have any
> knock
> on effects? where would this be done about ?
> --
> alan
|
| Post Reply
|
| Re: XAL - Sarbanes Oxley Compliant |
 |
Thu, 21 Feb 2008 06:50:36 +010 |
Hello Allan,
It should work this way (might look strange here):
■─────────────────────────
─────── SQL-Login ┐
│ Parameter...................: PASSWORD____ │
└─────────────────────────
──────────────────┘
■─────────────────────────
──────────────────────────
────────┐
│ Enter old SQL password :******************____________ │
└─────────────────────────
──────────────────────────
────────┘
■─────────────────────────
──────────────────────────
────────┐
│ Enter new SQL password :******************____________ │
└─────────────────────────
──────────────────────────
────────┘
■─────────────────────────
──────────────────────────
────────┐
│ Re-enter new SQL password :******************____________ │
└─────────────────────────
──────────────────────────
────────┘
■──────────────────────┐
│ SQL password changed │
│ OK │
└──────────────────────┘
Testing is done by leaving out the -zp<password> from your start-up
parameters in cxal.ini, shortcuts og batch scripts used for strat up.
The above is based on XAL 3.5 SP5.
--
Best Regards
Henrik Hansen [MSFT]
Tecnical Program Manager Microsoft Dynamics C5 & Microsoft XAL
=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
"alan" <alan@discussions.microsoft.com> wrote in message
news:BB781A31-2871-462E-8482-8725ADCB3D14@microsoft.com...
> Hi Henrick, thanks for this. How would this 'SQL-login' script be chnaged
> ?
> when i run this script from the Run/XAL option and select the option
> password
> nothing happens. Where is this login script called from?
>
> the code
> '#Case ('PASSWORD')
> PROCESS #PROC_USER 'MODE=OPASSWORD'
>
> This is what gets called when selecting option password- would it be here
> where password would be set or changed and any hints on the code.
>
> I'm just looking to see where I can change or set the password and how
> this
> can be tested.
>
> thanks again
>
> alan.
>
>
>
>
>
>
> --
> alan
>
>
> "Henrik Hansen [MSFT]" wrote:
>
>> Hello Allan,
>>
>> You can hide the password for the database user.
>> Using the XAL script SQL-Login.XAL you can can set/change the password
>> for
>> the database user, when SQL authentication is used.
>> This way the password is not exposed to the users of the system.
>>
>> --
>> Best Regards
>> Henrik Hansen [MSFT]
>> Tecnical Program Manager Microsoft Dynamics C5 & Microsoft XAL
>> =====================================================
>> When responding to posts, please "Reply to Group" via
>> your newsreader so that others may learn and benefit
>> from your issue.
>> =====================================================
>> This posting is provided "AS IS" with no warranties, and
confers no
>> rights.
>>
>> "alan" <alan@discussions.microsoft.com> wrote in
message
>> news:76C9515E-E8E5-4006-AF24-CE57FF397CA9@microsoft.com...
>> > When XAL and SQL installation is first set up, it is given a user
name
>> > and
>> > password which allows ODBC connections to the SQL database. For
our
>> > customers
>> > this is normally 'xal_supervisor' and is never changed. However
for
>> > SOX
>> > compliance this means if any user knows the password they can
direct
>> > access
>> > the SQL database and affect the data without going through the
>> > application.
>> > This obviously is not good.
>> > Is their any issues in changing this user name and password ? Have
any
>> > knock
>> > on effects? where would this be done about ?
>> > --
>> > alan
>>
|
| Post Reply
|
| Re: XAL - Sarbanes Oxley Compliant |
 |
Thu, 21 Feb 2008 12:10:52 +010 |
Henrik Hansen [MSFT] napisał(a):
> Hello Allan,
>
> It should work this way (might look strange here):
>
>
■─────────────────────────
─────── SQL-Login ┐
> │ Parameter...................: PASSWORD____ │
>
└─────────────────────────
──────────────────┘
>
>
■─────────────────────────
──────────────────────────
────────┐
> │ Enter old SQL password :******************____________ │
>
└─────────────────────────
──────────────────────────
────────┘
>
>
■─────────────────────────
──────────────────────────
────────┐
> │ Enter new SQL password :******************____________ │
>
└─────────────────────────
──────────────────────────
────────┘
>
>
■─────────────────────────
──────────────────────────
────────┐
> │ Re-enter new SQL password :******************____________ │
>
└─────────────────────────
──────────────────────────
────────┘
>
> ■──────────────────────┐
> │ SQL password changed │
> │ OK │
> └──────────────────────┘
>
> Testing is done by leaving out the -zp<password> from your start-up
> parameters in cxal.ini, shortcuts og batch scripts used for strat up.
>
> The above is based on XAL 3.5 SP5.
>
>
One thing more, You have to be logged as a SUPERVISOR user in XAL.
--
|
| Post Reply
|
|
|
|
|
|
|
|
|
|