
Security: stop using WindchillDS Admin Account for Apache authentication


Windchill's Apache server only needs to check supplied user credentials against the WindchillDS LDAP server; there is no need to use the WindchillDS Administrator account to do this. It should be performed by a lower-privileged "Read Only" account.


If the Admin credentials are compromised, it is a simple matter to change the wcadmin password and then log in through the Windchill UI as wcadmin and have complete access to the system and its data.


In my experience, you should always use the lowest-privileged account possible in this sort of situation, especially if the credentials are hard-coded in plain text in the Apache auth config files.

You can obviously do this yourself manually on your own systems, but this should be the default config from PTC as far as I am concerned.

Rgds

Gary
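
A way to check your own Apache auth config for the two conditions raised in the post above (binding as the directory admin, and a plain-text bind password). This is an added example, not part of the original post and not PTC code. The sample config, host, service-account DN and helper path are constructed, and `cn=Manager` standing in for the WindchillDS admin DN is an assumption; pass in whatever admin DN your installation uses.

```python
import re

# AuthLDAPBindDN / AuthLDAPBindPassword are real mod_authnz_ldap directives.
# Host, DNs, paths and the password below are constructed for illustration.
WEAK_CONF = '''\
<Location /Windchill>
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPURL "ldap://ldap.example.internal:389/ou=people,o=example"
  AuthLDAPBindDN "cn=Manager"
  AuthLDAPBindPassword "PLACEHOLDER-password"
  Require valid-user
</Location>
'''

# Same block bound as a hypothetical read-only service account, with the
# password fetched through the directive's exec: form instead of stored inline.
HARDENED_CONF = WEAK_CONF.replace(
    '"cn=Manager"', '"cn=apache-ro,ou=services,o=example"'
).replace('"PLACEHOLDER-password"', '"exec:/usr/local/bin/get-bind-pw"')

DIRECTIVE = re.compile(
    r'^\s*(AuthLDAPBindDN|AuthLDAPBindPassword)\s+(.+?)\s*$', re.IGNORECASE)

def normalize_dn(dn):
    # Compare DNs case-insensitively, ignoring spaces around ',' and '='.
    return re.sub(r'\s*([,=])\s*', r'\1', dn.strip().lower())

def audit_ldap_bind(conf_text, privileged_dns):
    """Return (line_number, issue) pairs for risky LDAP bind settings."""
    privileged = {normalize_dn(dn) for dn in privileged_dns}
    findings = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        match = DIRECTIVE.match(line)  # commented-out lines never match
        if not match:
            continue
        name = match.group(1).lower()
        value = match.group(2).strip('"\'')
        if name == 'authldapbinddn' and normalize_dn(value) in privileged:
            findings.append((number, 'binds as privileged DN'))
        elif name == 'authldapbindpassword' and not value.startswith('exec:'):
            findings.append((number, 'bind password stored in plain text'))
    return findings

if __name__ == '__main__':
    for label, conf in (('weak', WEAK_CONF), ('hardened', HARDENED_CONF)):
        print(label, audit_ldap_bind(conf, ['cn=Manager']))
```

The read-only bind account still needs search and read access to the user entries under the base DN in `AuthLDAPURL`, and nothing more.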