Under Review
over 7 years ago

Post Migration Custom Command - Security Flaw

Is it possible to add a feature to the custom command post migration set-up that would restrict users from changing the variables defined in the custom command? We restrict our end users from using the UNIX account that allows the ability to SSH. If we define a custom command, the user can put any command in the "command with parameters" window and compromise our server after selecting the run button during the post migration process. We would like the ability to define the command but only allow the end user to execute the custom post migration as-is, preventing the user from adding or changing these variables.

This is a great feature but completely useless for us because of this security concern.

Parents
  • Tim,

    You're welcome...

    Reducing the ssh timeout could have a negative impact.  

    In our environment, to prevent Stat users from picking the wrong server, I wrote my own Post Migration script that, based on the Environment code, performs the Post Migration on the required servers. You can pick a server from the Server drop-down that was not even involved with the migration. Also, our post migration requirements have to be performed on more than one server, sometimes as many as four. So the Post Migration script I wrote will know all the servers. The Server drop-down has only 1 server to pick from. We have over 20 active Oracle E-Biz environments and over 45 hosts, so we really had no choice. I had to make it foolproof.

    Regards.
