OBIEE 12c: DownloadRPD and UploadRPD Commands Write the Repository Password in Plain Text to the Log File

(Doc ID 2329786.1)

Last updated on DECEMBER 01, 2017

Applies to:

Business Intelligence Server Enterprise Edition - Version 12.2.1.2.0 and later
Information in this document applies to any platform.

Symptoms

On OBIEE 12.2.1.2.0

The repository password is logged in plain text in the DOMAIN_HOME\servers\bi_server1\logs\bi-lcm-rest.log.0 file in the following scenarios:-

1. Download the RPD and supply the repository password on the command line with the -W parameter, or omit the -W parameter and enter the password when prompted. For example:

DOMAIN_HOME\bitools\bin\datamodel.cmd downloadrpd -O sampleapplite.rpd -SI ssi -U weblogic -P <Weblogic Password> -W Admin123

In the bi-lcm-rest.log.0 file, see the following:-

-------------------------------------------------------------------------------------

POST http://<server>:<port>/bi-lcm/v1/si/ssi/rpd/downloadrpd
...
target-password=Admin123%5C&css-base-URI=NotFound

-------------------------------------------------------------------------------------

 2. Upload the RPD and supply the repository password on the command line with the -W parameter, or omit the -W parameter and enter the password when prompted. For example:

DOMAIN_HOME\bitools\bin\datamodel.cmd uploadrpd -I sampleappliteV2.rpd -SI ssi -U weblogic -P <Weblogic Password> -W Admin456 -D

In the bi-lcm-rest.log.0 file, see the following:-

-------------------------------------------------------------------------------------

POST http://<server>:<port>/bi-lcm/v1/si/ssi/rpd/uploadrpd
...
Content-Disposition: form-data; name="rpd-password"
Admin456

-------------------------------------------------------------------------------------

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms