Remove password restoring capability, store only user id in the FRACAS(Relex) tool

ptc-3871294 · ‎Apr 17, 2013

Remove password restoring capability, store only user id in the FRACAS(Relex) tool.

Today in the Windchill Quality Solutions - FRACAS module, we have an option on login to remember the login credentials that stores the user id and password in cookies.

The passwords should NOT be stored in a cookie on user's machine. This leads to security issues. It is very easy to hack and break into.

please fix this ASAP.

ptc-2749313 · ‎Apr 18, 2013

Hello Sapna, nice to hear from you. Please note that this is not true. We do not store user authentication as cookies. If a user elects to have the system remember their user name and password, they are put in Isolated Storage, which is encrypted.

ptc-3871294 · ‎Apr 18, 2013

Is this isolated storage in the user’s machine or is it on a server

Because if it is on user’s machine it still is not secured and accessible for hacking…

ptc-2749313 · ‎Apr 18, 2013

This is stored locally, as is common. It is encrypted. You may elect not to use it if you do not want to.

ptc-2749313 · ‎Apr 18, 2013

Also, is you are using Single Sign-on, then you wouldn't use this feature. hope this helps.

PTCModerator · ‎Mar 12, 2019

PTCModerator · ‎Mar 12, 2019