Novell Doc: Novell ZENworks Orchestrator 1.3 Administration Guide - Plain Text Visibility of Sensitive Information

3.6 Plain Text Visibility of Sensitive Information

The following table outlines where sensitive information might be visible as plain text:

Table 3-1 Locations Where Sensitive Information Might Be Stored As Plaint Text

Information	Storage Location	Visibility Issue
VM configuration data	MS SQLite database	The VM configuration data can be viewed by anyone.
Orchestrator Server credentials	VM Warehouse configuration file	The VM Warehouse stores this information as plain text in a configuration file that is readable as root. By default, the repository is located in: /etc/opt/novell/zenworks/vmwarehouse/vmwarehouse.conf If necessary, you can determine the configuration file’s location using the vmr cn -a command.
Audit Database configuration	ZOS properties sotre	Contains plain text information including user/password for allowing ZENworks Orchestrator to log into the Audit Database (i.e. mysql) for logging. You should use a non-privileged database account for logging.

Information

Storage Location

Visibility Issue

VM configuration data

MS SQLite database

The VM configuration data can be viewed by anyone.

Orchestrator Server credentials

VM Warehouse configuration file

The VM Warehouse stores this information as plain text in a configuration file that is readable as root.

By default, the repository is located in:

/etc/opt/novell/zenworks/vmwarehouse/vmwarehouse.conf

If necessary, you can determine the configuration file’s location using the vmr cn -a command.

Audit Database configuration

ZOS properties sotre

Contains plain text information including user/password for allowing ZENworks Orchestrator to log into the Audit Database (i.e. mysql) for logging.

You should use a non-privileged database account for logging.