Posts

Showing posts from April, 2014

How to unlock a locked SAP HANA user?

Image
HANA Studio offers a secure  storage to store the user credentials and use those to connect with HANA database. If you change the user credentials, you must remember to update those in HANA studio as well. If the studio still uses the old logon data even after you changed the password, you may see the user locked due to  multiple failed logon attempts. To check if user is deactivated or how many invalid logons s/he has use the following SQL: SELECT NAME, USER_DEACTIVATED, INVALID_CONNECT_ATTEMPTS FROM "SYS"."P_PRINCIPALS_" WHERE NAME='<username>' If the user was locked/deactivated for other reasons (e.g. directly by a user admin), you may need to reset the password: alter user <username> password <password>; Update password in HANA studio To reset the number of failed attempts recorded, you can use the following SQL: alter user <username> DROP CONNECT ATTEMPTS;

Reading password field

Image
Right click the login form, select inspect element, Find the input type and delete "password" It will turn the password feild into regular text.

Heartbleed: SAP Business Intelligence products using APR native Tomcat library affected

Image
SAP has released an advisory on the implications of Heartbleed bug on SAP Business Objects and Business Intelligence products, through SAP note  2003582 According to the note: Default Tomcat provided by SAP with SAP Business Intelligence products  is not affected by this issue, unless customers explicitly enable SSL using APR native tomcat library. See  http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html  and  http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html  for details on Tomcat SSL configuration. Open an SAP message on the component XX-SER-BO-SEC if you suspect you are affected. Here is a simple explanation of this bug Use this site to check if a website has been fixed or not to know whether to change password now or wait. You can also use this site to test if the servers are secure right now. It sends a deliberately malformed heartbeat and checks if the server responds with too much information. Keep in mind this tells you nothing about whether or not a p