Join Now

Important Information Regarding SAS Migration Utility

by Occasional Contributor MichaelCederqvist on ‎10-20-2014 09:06 AM (185 Views)

Jeg vil lige gøre opmærksom på en mail, som jeg har modtaget fra SAS Support ’News for Customers’.

Mailen omhandler vores SAS Migration Utility! Essensen af mailen er, at der kan være et potentielt problem, hvis output fra en migrering ligger frit tilgængeligt i en folder. Problemet er passwords i klartekst, ligger i output fra SAS Migration Utility. Løsningen p.t. er, at I skal sikre, at folderstrukturen, hvor output ender, er omfattet af jeres sikkerhed, så kun de brugere, der har behov, har adgang til folderstrukturen.

Nederst er hele mailen fra SAS Support, læs den!

   

Dette giver mig også mulighed for, at minde dig om at du tilmelder dig vores nyhedsbreve: http://support.sas.com/techsup/news/tsnews.html

Her har du mulighed for at vælge til og fraalt efter, hvor meget information du vil modtage fra os. Smiley Happy

God læselyst

Michael

   

--- Mailen fra SAS Support

SAS
Institute has identified a scenario in our SAS Migration Utility where passwords used during the migration process are stored in the resulting migration package and utility log file. The SAS Migration Utility is a tool whose primary purpose is to create a package of content from an existing SAS configuration. That package can then be used during an update within a release, upgrade to a new SAS release, or a replication of an existing deployment. Documentation is in the SAS 9.4 Intelligence Platform: Migration Guide.

   

Based on the scenario we identified, we recommend that customers using the SAS Migration Utility secure the access permissions to the output location of the SAS Migration Utility package. All passwords supplied to the SAS Migration Utility should be encoded to ensure passwords are not exposed in clear text.

SAS internal teams identified this potential security issue. No customers have reported this problem, and we are not aware of any issues associated with this specific exposure. SAS will continue to update our customers on any potential scenarios that we believe require action. If you have concerns or questions, please contact SAS Technical Support.