UTBrowse.exe, SQL Guardium

Sri2008

Hello List,
During Labor Day weekend, SQL Guardium reported that one of the users had updated/inserted records in JDE tables using the UTBrowse.exe application. I have explained that UTB is used only for inquiry, but the Management is not convinced. I have verified the security table F9312 and there is no entry showing that the user was logged on to JDE on that particular day, as the user was on vacation. The audit trail fields of the tables did not help me much, as they capture only the latest details. I have opened a help desk ticket with JDE, as I had no other way to convince Mgmt that UTB does not update/insert records. In fact, I have even demonstrated UTB to the Mgmt but could not convince them. Is there a way I can trace this? Any help is highly appreciated.

Thanks
Sri - JDE OW B7333/XE, Oracle 9i
 
Rename sqlplus.exe to UTBrowse.exe. Now run UTBrowse.exe from the ORACLE_HOME\bin directory. Log on to a database. As a privileged user, query the v$session view with a query such as:

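-- username is the database account; program, machine and osuser are reported by the client
select machine, username, osuser from v$session where program = 'UTBrowse.exe';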

You'll see you can easily spoof certain types of detection programs, as Oracle itself sees your renamed SQL*Plus as UTB. If someone has your JDE password (and it is fairly easy to get it from the Enterprise Server if you know what you're doing), you're at risk.

I'd bet most companies running E1 are at risk of unauthorized changes for this reason, and pretty much the only good way to fix it is to limit what the users can do at the database level, such that no one account has SIUD privileges on all critical tables. Default out of the box JDE security is to grant those privileges to PUBLIC when the tables are created.

There is a way to mitigate the risk, but many are either not willing or more likely don't have the time to focus on this as an issue.
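
The cross-check described in the first post (database-side activity report against application sign-on history) can be scripted. The following is an added example, not part of the original thread: the records are constructed, and the field names are simplified assumptions, not the actual Guardium export or F9312 column layout.

```python
from datetime import datetime, timedelta

# Program names the site treats as inquiry-only (the thread's statement about UTB).
INQUIRY_ONLY = {"utbrowse.exe"}
WRITE_VERBS = {"INSERT", "UPDATE", "DELETE"}

def review_sessions(db_sessions, app_signons, window=timedelta(hours=12)):
    """Return (session id, reasons) for sessions whose program name is not corroborated."""
    findings = []
    for s in db_sessions:
        reasons = []
        # Signal 1: write statements under a program name that should only read.
        writes = sorted(WRITE_VERBS & {v.upper() for v in s["verbs"]})
        if s["program"].lower() in INQUIRY_ONLY and writes:
            reasons.append("writes under inquiry-only program name: " + ",".join(writes))
        # Signal 2: no application sign-on from the same machine shortly before
        # the database session started.
        corroborated = any(
            a["machine"].lower() == s["machine"].lower()
            and timedelta(0) <= s["start"] - a["time"] <= window
            for a in app_signons
        )
        if not corroborated:
            reasons.append("no application sign-on from this machine in the window")
        if reasons:
            findings.append((s["id"], reasons))
    return findings

# Constructed sample data: database sessions as a monitoring tool might report them.
DB_SESSIONS = [
    {"id": 1, "program": "UTBrowse.exe", "machine": "WS-014",
     "start": datetime(2020, 1, 4, 10, 5), "verbs": ["SELECT"]},
    {"id": 2, "program": "UTBrowse.exe", "machine": "WS-031",
     "start": datetime(2020, 1, 5, 23, 40), "verbs": ["SELECT", "UPDATE", "INSERT"]},
]
# Constructed sample data: application sign-on history.
APP_SIGNONS = [
    {"user": "ASMITH", "machine": "WS-014", "time": datetime(2020, 1, 4, 9, 58)},
]

if __name__ == "__main__":
    for session_id, reasons in review_sessions(DB_SESSIONS, APP_SIGNONS):
        print(session_id, reasons)
```

The machine name in a database session is also reported by the client, so a match is only weak corroboration; a session that fails both checks is the one worth investigating first.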
 
Charles,

Your reply has really helped me to understand how one can fool the system if they know the way. We have put the restrictions with write permissions. I hope we will not have this kind of issue in future. Thanks a lot for the help...
 