ClearQuest Web 7.1 login allows users to see available databases names with invalid credentials
This technote identifies an issue that can occur in IBM Rational ClearQuest Web for 7.1. You can see all available databases names at login, even though you have entered invalid credentials.
When there are multiple user databases in ClearQuest Web 7.1, and you try to login with invalid credentials, you can see the names of all the available user databases. This is not correct behavior. You are still unable to login to those databases, due to the credentials being incorrect.
This issue was identified as a product defect under APAR PM00747 and APAR PM01952.
Resolving the problem
This defect is fixed starting in version 18.104.22.168. Upgrade to the latest version to resolve this problem.
In order to apply this resolution, you must enable a new MBean attribute that was introduced in version 22.214.171.124. The MBean attribute is cqUserDBListSecureAccess. You set this attribute to enable checking for users' allowance to see the list of user databases when logging into ClearQuest Web.
The default value is false, which means the secure is not enabled.
You can enable this attribute by running these commands, in order:
cd "C:\Program Files\IBM\RationalSDLC\common\CM\scripts"
set WAS_BIN="C:\Program Files\IBM\RationalSDLC\common\eWAS\bin"
%WAS_BIN%\wsadmin -profileName cmprofile
- Note: You will now have a wsadmin> command line prompt.
wsadmin> source teamAdminUtils.jacl
wsadmin>set t [getTeamServer]
wsadmin>$AdminControl setAttribute $t cqUserDBListSecureAccess true
More support for:
Web Client (7.1)
Software version: 7.1, 126.96.36.199, 188.8.131.52, 7.1.1, 184.108.40.206, 220.127.116.11
Operating system(s): AIX, HP-UX, Linux, Solaris, Windows
Reference #: 1410302
Modified date: 28 September 2010