Allowing Outside Access Best Practices

keithschm · ‎Jun 23, 2011

Server has a dedicated outside IP to the firewall.

I have audited all user namesand passwords to make sure they are secure and not simple.

I am verifying if the vendor has a static IP then I can limit access based on that.

ddemay · ‎Jun 23, 2011

Did you look up insecure configuration for apache tomcat circa march 2011?

Principal admin allows change of wcadmin password as does any ldap v3 client that let's you see what is in aphelion or Windchill DS...

Sent from my Verizon Wireless BlackBerry

MikeLockwood · ‎Jun 23, 2011

1. Best by far to integrated with your active directory (requires two lines of code in one Apache file) and therefore have Windchill pull current passwords from the network. Note: This requires a new Site admin, replacing wcadmin.

2. For your outside party, consider isolating their access by Product / Library.

Notify Moderator · ‎Jun 23, 2011

Changing your wcadmin password is very important. But, it may cause you
problems.

Visualization is often setup using the user and authentication from the
adapter is through a plaintext file. Usually this is handled with the file
<windchill>/auth.properties.

See the reference documents as they have sections about securing the various
plain text files.

~Dan

ptc-2126057 · ‎Jul 05, 2011

You can set the following property to enable the password change by users themselves.

<property name="wt.org.services.userPasswordChangeEnabled" overridable="true"<br"/> targetFile="codebase/wt.properties"
value="true"/>

After setting this property go to Home-->Utilities-->Profile-->Actions-->Edit Password

DISCLAIMER: Author doesn't responsible for any unforeseen things happened due to implementing the suggested process