OBIEE 12c: DownloadRPD and UploadRPD Commands Write the Repository Password in Plain Text to the Log File
(Doc ID 2329786.1)
Last updated on MAY 16, 2023
Applies to:
Business Intelligence Server Enterprise Edition - Version 12.2.1.2.0 to 12.2.1.3.0 [Release 12c to 12g]Information in this document applies to any platform.
Symptoms
On OBIEE 12.2.1.2.x / 12.2.1.3.x
The repository password is logged in plain text in the DOMAIN_HOME\servers\bi_server1\logs\bi-lcm-rest.log.0 file in the following scenarios:-
1. Download the RPD and supply the repository password on the command line with the -W parameter, or omit the -W parameter and enter the password when prompted. For example:
DOMAIN_HOME\bitools\bin\datamodel.cmd downloadrpd -O sampleapplite.rpd -SI ssi -U weblogic -P <Weblogic Password> -W Admin123
In the bi-lcm-rest.log.0 file, see the following:-
-------------------------------------------------------------------------------------
POST http://<server>:<port>/bi-lcm/v1/si/ssi/rpd/downloadrpd
...
target-password=Admin123%5C&css-base-URI=NotFound
-------------------------------------------------------------------------------------
2. Upload the RPD and supply the repository password on the command line with the -W parameter, or omit the -W parameter and enter the password when prompted. For example:
DOMAIN_HOME\bitools\bin\datamodel.cmd uploadrpd -I sampleappliteV2.rpd -SI ssi -U weblogic -P <Weblogic Password> -W Admin456 -D
In the bi-lcm-rest.log.0 file, see the following:-
-------------------------------------------------------------------------------------
POST http://<server>:<port>/bi-lcm/v1/si/ssi/rpd/uploadrpd
...
Content-Disposition: form-data; name="rpd-password"
Admin456
-------------------------------------------------------------------------------------
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |