


The cornerstone of the PKI is the private key used to encrypt or digitally sign information. The DBMS, when using PKI-based authentication, must enforce authorized access to the corresponding private key.

To prevent the compromise of authentication information, such as passwords, during the authentication process, the feedback from the information system shall not provide any information that would. The SRG states: "To prevent the compromise of authentication information, such as passwords, during the authentication process, the feedback from the information system shall not provide any. Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. When using command-line tools such as Oracle SQL*Plus, which can accept a plain-text password, users must use an alternative logon method that does not expose the password.

When dealing with change control issues, it should be noted, any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have. The DBMS software installation account must be restricted to authorized users. The inclusion of role is intended to address those situations where an access control. This requirement is intended to limit exposure due to operating from within a privileged account or role. Use of the DBMS software installation account must be restricted.

Findings (MAC III - Administrative Sensitive) Finding ID
