Triton Db2 Geek

Confessions of a DB2 geek

IBM Gold Consultant Program and IBM Premier business Partner

Tag Archives: DB2 LDAP

Confession of the Month

Beware of over-federating

Published January 19th, 2011 - by

During a recent DB2-LDAP configuration at a client site, I stumbled upon a bizarre security exposure.   Using any DB2 client tool, it was possible to connect to the database as any user without having to get the password right! Once connected to the database, you only had access to the tables that the user Continue Reading