Remove password restoring capability, store only user id in the FRACAS(Relex) tool.
Today in the Windchill Quality Solutions - FRACAS module, we have an option on login to remember the login credentials that stores the user id and password in cookies.
The passwords should NOT be stored in a cookie on user's machine. This leads to security issues. It is very easy to hack and break into.
please fix this ASAP.
Hello Sapna, nice to hear from you. Please note that this is not true. We do not store user authentication as cookies. If a user elects to have the system remember their user name and password, they are put in Isolated Storage, which is encrypted.
Is this isolated storage in the user’s machine or is it on a server
Because if it is on user’s machine it still is not secured and accessible for hacking…
This is stored locally, as is common. It is encrypted. You may elect not to use it if you do not want to.
Also, is you are using Single Sign-on, then you wouldn't use this feature. hope this helps.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.