
DBMS passwords should not be stored in compiled, encoded or encrypted batch jobs or compiled, encoded or encrypted application source code.


Overview

Finding ID: V-15637
Version: DG0130-ORACLE10
Rule ID: SV-24969r1_rule
IA Controls: IAIA-1, IAIA-2
Severity: Medium
Description
The storage of passwords in application source or batch job code that is compiled, encoded or encrypted prevents compliance with password expiration and other management requirements, and provides another means for potential discovery of the passwords.
STIG: Oracle 10 Database Instance STIG
Date: 2014-01-14

Details

Check Text (C-29502r1_chk)
Ask the DBA to review application source code that is required by Check DG0091 to be encoded or encrypted for database accounts used by applications or batch jobs to access the database.

Ask the DBA to review source batch job code prior to compiling, encoding or encrypting for database accounts used by applications or the batch jobs themselves to access the database.

Ask the DBA and/or IAO to determine if the compiled, encoded or encrypted application source code or batch jobs contain passwords used for authentication to the database.

If none of the identified compiled, encoded or encrypted application source code or batch job code contain passwords used for authentication, this check is Not a Finding.

If any of the identified compiled, encoded or encrypted application source code or batch job code do contain passwords used for authentication to the database, this is a Finding.

NOTE: This check only applies to application source code or batch job code that is compiled, encoded or encrypted in a production environment. Application source code or batch job code that is not compiled, encoded or encrypted would fall under Check DG0067 for determination of compliance.
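
One way to support the source review described in the check above, as an added example that is not part of the STIG text: a heuristic scan, run on batch job or application source before it is compiled, encoded or encrypted, for literal Oracle credentials. The patterns (Oracle command-line logins, SQL*Plus CONNECT statements, JDBC URLs), the name scan_source and the sample job are assumptions constructed for illustration.

```python
import re

# Heuristic patterns (assumptions, not from the STIG) for literal Oracle
# credentials in source that is about to be compiled, encoded or encrypted.
_USER = r"(?P<user>[A-Za-z][\w$#]*)"
_PASS = r"(?P<pw>[^\s@/\"']+)"
PATTERNS = {
    # e.g. sqlplus -s scott/tiger@ORCL   or   sqlldr userid=scott/tiger
    "cli-login": re.compile(
        rf"\b(?:sqlplus|sqlldr|expdp|impdp|exp|imp)\b[^\n]*?(?:userid=|[\s\"']){_USER}/{_PASS}",
        re.I),
    # e.g. CONNECT scott/tiger@ORCL inside a SQL*Plus script
    "connect-stmt": re.compile(rf"^\s*conn(?:ect)?\s+{_USER}/{_PASS}", re.I),
    # e.g. jdbc:oracle:thin:scott/tiger@//host:1521/service
    "jdbc-url": re.compile(rf"jdbc:oracle:(?:thin|oci):{_USER}/{_PASS}@", re.I),
}
# A password taken from a shell ($), batch (%) or SQL*Plus (&) variable is
# supplied at run time, so it is not a literal stored in the code.
_RUNTIME_REF = re.compile(r"[$%&]")

def scan_source(text, name="<source>"):
    """Return (name, line_no, kind, account) for each literal credential."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                if _RUNTIME_REF.match(m["pw"]):
                    continue
                # Report the account only; never echo the password itself.
                findings.append((name, line_no, kind, m["user"]))
    return findings

# Constructed sample batch job; accounts, passwords and hosts are made up.
SAMPLE_JOB = """\
#!/bin/sh
sqlplus -s scott/tiger@ORCL @/opt/jobs/load.sql
sqlplus -s "$DB_USER/$DB_PASS@ORCL" @/opt/jobs/load.sql
sqlplus /nolog @/opt/jobs/report.sql
sqlldr userid=loader/Ld#2014 control=load.ctl
CONNECT batch_user/Summer14@PROD
url = "jdbc:oracle:thin:app/AppPw1@//dbhost:1521/ORCL"
"""

if __name__ == "__main__":
    for name, line_no, kind, account in scan_source(SAMPLE_JOB, "job.sh"):
        print(f"{name}:{line_no}: {kind}: literal password for account {account}")
```

A hit is a lead for the DBA or IAO to confirm, and a clean result does not establish Not a Finding, since credentials can be embedded in forms these patterns do not cover.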
Fix Text (F-2637r1_fix)
Design DBMS application code and batch job code that is compiled, encoded or encrypted to NOT contain passwords.

Consider alternatives to using password authentication for compiled, encoded or encrypted batch jobs and DBMS application code.