1. Applications Installation Guide for UNIX with IBM DB2 for Linux, UNIX, and Windows
  2. Working with Database Security

Working with Database Security

In order to maximize your database security, you should change the passwords on all table owners created during the Platform Pack installation; these are created with the user and password equal to the same value. Such a user and password relationship could expose you to worms and viruses aimed at gaining access to your database. Consult with your DBA for advice on changing passwords to meet the security requirements of your database installation.

The Installation Workbench assumes that the table owner 's password is the same as the table owner, unless it finds this override in the jde.ini file on the Deployment Server. Once the database passwords have been changed, you will need to add this section to the jde.ini file:

[DSPWD]
Datasource_owner=new_password

For example, if you changed the passwords for PRODDTA and PRODCTL to alaska5 and nevada6 your section would look like this:

[DSPWD]
PRODDTA=alaska5
PRODCTL=nevada6

The Installation Workbench assumes that the database user is JDE and that the password is the same, unless it finds this override in the jde.ini file on the Deployment Server. As a security precaution, you should also change the password on the JDE user and add an override in the [DSPWD] section of the jde.ini file. Once the database passwords have been changed, you will need to add this section to the jde.ini file: 

[DSPWD]
JDE=new_password

For example, if you are changing the JDE user's password to apples, your section would look like this:

[DSPWD]
JDE=apples
Note: You must also logon to JDEPLAN using the changed password, otherwise database connections will fail. Using the above example of a changed password, you would logon using these credentials:User = JDEPassword = applesEnvironment = JDEPLAN
Caution: The Installation Workbench can only process passwords equal to or less than 10 characters in length. Therefore, you cannot use passwords greater than 10 characters even if your RDBMS allows it.

After you change the [DSPWD] section of the jde.ini file, logon to OneWorld in the JDEPLAN environment on the Deployment Server with the new password in the correct case.

Whenever you change the password on your database, as recommended for security purposes, you must also ensure that your security settings in the Enterprise Server jde.ini file match that of your database. For applicable instructions, refer to the chapter entitled: Performing Post Installation and Upgrade Tasks in the section entitled: Working With Signon Security and Table Creation Security.

You should secure the jde.ini file on the Deployment Server to prevent unauthorized access. You can use Site Key to encrypt sensitive data in the .ini files on your Enterprise Server. For details, refer to the section of this guide entitled: Generate a Site Key.

Caution: As a best security practice, you should delete the [DSPWD] section once the install or upgrade is complete.