Palo security

    Palo security

    Hi,


    I just discovered that currently available Palo version stores plaintext passwords. In the file "C:\Program Files (x86)\Jedox\Palo Suite\palo\data\System\database_CUBE_0.archived" the following lines are visible:

    1357388931.486665;"admin";"";SET_STRING;0,9;"Administrator";
    1357388931.486665;"admin";"";SET_STRING;0,6;"Administrator Account";
    1357388931.486665;"admin";"";SET_STRING;0,0;"7Ddk_4pl"; <--- this is password I set

    Also same string is stored in plaintext format in the cube file (csv).

    Is there something I have missed?

    Thanks,
    Madis
    Hi,

    if the right API functions for password setting are used then passwords are saved in hashed format (staring version 4.0 I think). The plain passwords are supported only because of backward compatibility or when password is written directly to System cube 0.
    What version you are using? How did you create the user and set password? Excel, Web UI, any API?

    Jiri
    Hi Jiri,

    I'm currently using CE v3.2 (most recent available download). I used web user manager interface to set the password - i guess this is more or less standard approach for any new adopter.

    Indeed, in version 4 I can see that passwords are hashed.

    Thanks
    Madis