Changing Passwords

Randy

There is no way of setting the BO password programmatically. Many people
have asked for this for quite a while but it falls on deaf ears. Because of
this I know several groups in my company that have ceased using this
functionality. The user passes through and the database checks the validity
when a query is started.

You would think that they could give a function in a dll to do this. Make it
so that I can programmatically change the password of someone who has user
level but nothing higher. I don’t think BO really knows how their tool is
used in the enterprise. An example is a group with data that resides on two
different locations X and Y. Of course I want to use BOUSER BOPASS on each
connection so that I can track the SQL that the users are issuing. Now throw
in a BO password. I now have the problem of keeping the BO password in synch
with the password on system X and system Y and on BO. But what if I have
some users within that group that access information on Z system using BO? I
do not administrate system Z but now I am forced to coordinate with this
other system to synch that user’s password to the same one as my system
uses. Now multiply this by the many systems that a large company has and the
problem becomes evident.

Yours in frustration.

Michael Holly
Southwestern Bell IS

PS If you do find a way, post it here. I sure would like to know.


From: rcoates@ATT.NET[SMTP:rcoates@ATT.NET]
Sent: Thursday, April 08, 1999 6:05 AM

We are using the id/password pass-thru functionality of
Business Objects, where @Variable(BOUSER) and @Variable
(BOPASSWORD) in the universe connection window pass the
Business Object id/password through to our database. We
are struggling with how to keep the two passwords
synchronized. We can get the database to change through
our Visual Basic front-end, but cannot find a way to
programmatically change the Business Objects password.

Randy Coates
Actium
rcoates@actium.com
rcoates@worldnet.att.net


Listserv Archives (BOB member since 2002-06-25)

    This is an excellent point, and the same problem has plagued us since
    4.x was introduced.  That BO has failed to deal with this is indeed a
    mystery.

    However, it should be possible to write a script which would give the
    user a form on which to enter the password change info.  Then pass the
    changed password to the d/b and change the password (alter user....etc).
    Then, the script would call a procedure which would encrypt the
    user-entered password text string and write it to
    obj_m_actor.m_actor_c_password on the repository, based on the BOUSER
    variable (which I think is the same as  m_actor_c_name).

    Of course, the only problem with this is knowing what algorithm BO uses
    to encrypt the passwords.  Knowing this would not necessarily cause a
    security problem, because the algorithm to decrypt is presumably
    different from the one to encrypt.  I'm sure that BO tech support would
    not be aware of this algorithm.  Does anyone in the BO organization know
    if BO would be willing to supply this info in lieu of an actual software
    patch?

    Jason Beard

Randy

There is no way of setting the BO password programmatically. Many people
have asked for this for quite a while but it falls on deaf ears. Because of
this I know several groups in my company that have ceased using this
functionality. The user passes through and the database checks the validity
when a query is started.

You would think that they could give a function in a dll to do this. Make it
so that I can programmatically change the password of someone who has user
level but nothing higher. I don’t think BO really knows how their tool is
used in the enterprise. An example is a group with data that resides on two
different locations X and Y. Of course I want to use BOUSER BOPASS on each
connection so that I can track the SQL that the users are issuing. Now throw
in a BO password. I now have the problem of keeping the BO password in synch
with the password on system X and system Y and on BO. But what if I have
some users within that group that access information on Z system using BO? I
do not administrate system Z but now I am forced to coordinate with this
other system to synch that user’s password to the same one as my system
uses. Now multiply this by the many systems that a large company has and the
problem becomes evident.

Yours in frustration.

Michael Holly
Southwestern Bell IS

We are using the id/password pass-thru functionality of
Business Objects, where @Variable(BOUSER) and @Variable
(BOPASSWORD) in the universe connection window pass the
Business Object id/password through to our database. We
are struggling with how to keep the two passwords
synchronized. We can get the database to change through
our Visual Basic front-end, but cannot find a way to
programmatically change the Business Objects password.


Listserv Archives (BOB member since 2002-06-25)

Randy and Michael,

BOUSER and BOPASS in connection parameters work best when there is no
password defined for the users in Supervisor.

The security flag “No Password Checking” was developed for this purpose, so
that users are allowed in to the application via verification of only the
user name. With this flag on, the password is not checked in the repository,
and whatever password the user enters is passed through to the database for
verification when running or refreshing queries. In other words, no password
maintenance is required in BusinessObjects when using “No Password
Checking.”

If you still want to maintain passwords in BusinessObjects, you can probably
try a couple of things:

  1.  Through your same VB front-end, if you allow user interaction in
    

changing passwords, execute BusinessObjects and use SendKeys to execute the
Tools/Change Password command to have the user change their BO password.
2. The column OBJ_M_ACTOR.M_ACTOR_N_ENDING is set to 0 for a perpetual
password, and to 1 to force the user to change their password at next login.
So, setting M_ACTOR_N_ENDING = 1 will ask users to change their passwords
the next time they login to BusinessObjects.

Hope this helps,
Luis Gonzalez


Listserv Archives (BOB member since 2002-06-25)

Jeff Moore wrote:

We have a powerbuilder application that checks if the
password should be
changed. If yes,
then they are prompted for a new password. We then
sync the database
password and
Business Objects password with a similar process. We
have found some
problems that
can occur with the SendKeys function…

As I understand it, the Sendkeys function is generally
an unreliable means of getting the job done and thus
should not be used. It fills the key buffer with
characters, so the question is what happens if a user
starts typing at the same time as the SendKeys loop is
executing or if the user switches applications?

Randy Coates
Actium
rcoates@actium.com
rcoates@worldnet.att.net


Listserv Archives (BOB member since 2002-06-25)

The No password checking option does not only have the risk of users that
type the wrong password and
get frustrated. There is a major security problem. A user can use the
userid of his manager and
a fake password to log on to BO. He then can start BO (password is not
checked in BO).
He now can retrieve documents from Doc Agent and Repository that contains
data that was meant for his manager.

We raised an enhancement request to provide the ability to have the
userid and pw checked against the
(data) database. It will be version 5.x (not 0) until this option will be
available.

Regards,
Michiel Brunt

mh9725@MOMAIL.SBC.COM on 12-04-99 20:43:00
cc: (bcc: Michiel Brunt/NL/ABNAMRO/NL)

Luis

Thanks for the suggestions. The no password checking is Ok but it does not
work like it could. What happens if my user mistypes the password when
prompted at the opening of Business Objects? Since checking is turned off,
it passes through and then after the user has gone to all the trouble of
creating a query it gives them the message that they can’t run the query.
Now the user has to figure out how to save this query that they have been
working on for 2+ hours. You and I both know that it is Options >> Do not
retrieve data, however, many users do not know how to do this. So what
ends
up happening is they dump the query and start all over again. As a result
frustration is through the roof, and they are ready to take BO off the
desktop at the first sign of a competing product.

A possible solution is to have a pointer to the database that the universe
describes. Instead of logging in at the start of BO, have the user login
after they pick the universe they want to use. At this time the users
password is checked against the database containing the data that the user
is going to be querying. Then the user would be sure that since BO started
up and gave no errors they would be able to run queries. This solution
scales nicely until you guys figure out how to put tables from multiple
databases in one universe. (I don’t even want to go there).

I noticed that P.S. Mohan put forth a script to do what you described in
the
second part of your post. I look forward to trying this one out. I
believe
it may be exactly what I needed.

Thanks

Michael Holly
Southwestern Bell


From: Luis Gonzalez[SMTP:LGonzalez@BUSINESSOBJECTS.COM]
Sent: Friday, April 09, 1999 10:18 AM

Randy and Michael,

BOUSER and BOPASS in connection parameters work best when there is no
password defined for the users in Supervisor.

The security flag “No Password Checking” was developed for this purpose,
so
that users are allowed in to the application via verification of only
the
user name. With this flag on, the password is not checked in the
repository,
and whatever password the user enters is passed through to the database
for
verification when running or refreshing queries. In other words, no
password
maintenance is required in BusinessObjects when using “No Password
Checking.”

If you still want to maintain passwords in BusinessObjects, you can
probably
try a couple of things:

  1.  Through your same VB front-end, if you allow user interaction in
    

changing passwords, execute BusinessObjects and use SendKeys to execute
the
Tools/Change Password command to have the user change their BO password.
2. The column OBJ_M_ACTOR.M_ACTOR_N_ENDING is set to 0 for a
perpetual
password, and to 1 to force the user to change their password at next
login.
So, setting M_ACTOR_N_ENDING = 1 will ask users to change their
passwords
the next time they login to BusinessObjects.

Hope this helps,
Luis Gonzalez

-----Original Message-----
Sent: Friday, April 09, 1999 07:36 AM

Randy

There is no way of setting the BO password programmatically. Many
people
have asked for this for quite a while but it falls on deaf ears. Because
of
this I know several groups in my company that have ceased using this
functionality. The user passes through and the database checks the
validity
when a query is started.

You would think that they could give a function in a dll to do this.
Make
it
so that I can programmatically change the password of someone who has
user
level but nothing higher. I don’t think BO really knows how their tool
is
used in the enterprise. An example is a group with data that resides on
two
different locations X and Y. Of course I want to use BOUSER BOPASS on
each
connection so that I can track the SQL that the users are issuing. Now
throw
in a BO password. I now have the problem of keeping the BO password in
synch
with the password on system X and system Y and on BO. But what if I
have
some users within that group that access information on Z system using
BO?
I
do not administrate system Z but now I am forced to coordinate with this
other system to synch that user’s password to the same one as my system
uses. Now multiply this by the many systems that a large company has and
the
problem becomes evident.

Yours in frustration.

Michael Holly
Southwestern Bell IS

PS If you do find a way, post it here. I sure would like to know.


From: rcoates@ATT.NET[SMTP:rcoates@ATT.NET]
Sent: Thursday, April 08, 1999 6:05 AM

We are using the id/password pass-thru functionality of
Business Objects, where @Variable(BOUSER) and @Variable
(BOPASSWORD) in the universe connection window pass the
Business Object id/password through to our database. We
are struggling with how to keep the two passwords
synchronized. We can get the database to change through
our Visual Basic front-end, but cannot find a way to
programmatically change the Business Objects password.

Randy Coates
Actium
rcoates@actium.com
rcoates@worldnet.att.net


Listserv Archives (BOB member since 2002-06-25)