Just about every client we visit installs Oracle Primavera P6 with passwords that are the same as the usernames of the various database users. If this sounds familiar, then read on and learn how you can improve your Primavera P6 security.
The advent of Oracle Primavera P6 R8 includes more database system users than ever before, along with the application server administrator. This leads to more ways to gain unauthorized access to the project management information held in Primavera P6 databases and content stores. All any attacker needs is the information from the help screen of the desktop client (or optional client, as it is now being called), and they can gain unbridled access to a poorly set up Primavera P6 system. So here we take a look at how to improve Primavera P6 security.
Improve Primavera P6 Security
As a minimum we’d recommend the following simple steps when installing Primavera P6.
- Use different database and application server usernames to the standard ones.
- Make sure the passwords aren’t the same as the usernames.
- Change the privileges of the Primavera Database Administrator (“ADMUSER” by default) so it can’t connect to the database. It is only needed to install or upgrade Primavera P6, and it can be granted the Connect privilege when it needs to do that.
- It is very easy to clear out the passwords with a simple SQL query and then log on as anyone. Protect yourself against this attack by using LDAP authentication, which doesn’t make use of the password column.
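
One way to carry out the ADMUSER step, as an added example that is not part of the original post or of Oracle's installation scripts. It assumes an Oracle database, the default account name ADMUSER, and a session run by a DBA account; adjust the name if you followed the first recommendation.

```sql
-- Added example (assumptions: Oracle database, default name ADMUSER,
-- statements run by a DBA account).

-- 1. List every path that currently lets ADMUSER open a session:
--    a direct grant, or a role that carries CREATE SESSION.
SELECT 'direct grant' AS via, sp.privilege AS granted
FROM   dba_sys_privs sp
WHERE  sp.grantee   = 'ADMUSER'
AND    sp.privilege = 'CREATE SESSION'
UNION ALL
SELECT 'role', rp.granted_role
FROM   dba_role_privs rp
JOIN   dba_sys_privs  sp ON sp.grantee = rp.granted_role
WHERE  rp.grantee   = 'ADMUSER'
AND    sp.privilege = 'CREATE SESSION';

-- 2. Remove the direct grant. This statement fails with ORA-01952 if
--    step 1 showed no 'direct grant' row; in that case skip it.
REVOKE CREATE SESSION FROM ADMUSER;

-- 3. For each 'role' row from step 1, check what else the role carries
--    before revoking it, then revoke it by name, for example:
--      SELECT privilege FROM dba_sys_privs WHERE grantee = 'CONNECT';
--      REVOKE CONNECT FROM ADMUSER;
--    Roles granted to other roles are not followed by the step 1 query,
--    so confirm the result with an actual logon attempt (expect ORA-01045).

-- 4. Re-run the step 1 query. It should now return no rows.

-- 5. Before a Primavera P6 install or upgrade, give the privilege back
--    for the duration of the work only...
GRANT CREATE SESSION TO ADMUSER;

-- ...and remove it again once the upgrade has finished.
REVOKE CREATE SESSION FROM ADMUSER;
```

The schema objects owned by ADMUSER stay in place and usable by the other Primavera P6 database users; only interactive logon as the owner is removed.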
If you already have a running system and haven’t done any of these, then it isn’t too late. It just takes some careful planning and you can improve the security of your Primavera P6 system.