Palo security

This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

  • Palo security


    I just discovered that currently available Palo version stores plaintext passwords. In the file "C:\Program Files (x86)\Jedox\Palo Suite\palo\data\System\database_CUBE_0.archived" the following lines are visible:

    1357388931.486665;"admin";"";SET_STRING;0,6;"Administrator Account";
    1357388931.486665;"admin";"";SET_STRING;0,0;"7Ddk_4pl"; <--- this is password I set

    Also same string is stored in plaintext format in the cube file (csv).

    Is there something I have missed?

  • Hi,

    if the right API functions for password setting are used then passwords are saved in hashed format (staring version 4.0 I think). The plain passwords are supported only because of backward compatibility or when password is written directly to System cube 0.
    What version you are using? How did you create the user and set password? Excel, Web UI, any API?

  • Hi Jiri,

    I'm currently using CE v3.2 (most recent available download). I used web user manager interface to set the password - i guess this is more or less standard approach for any new adopter.

    Indeed, in version 4 I can see that passwords are hashed.