Archives of the TeradataForum
Message Posted: Wed, 11 Jan 2006 @ 09:16:17 GMT
You'd think that if you are running a Teradata Manager server delivering PMON information to the user community, the security controls would be on the Teradata Manager server not on the Teradata system. Why? Because once the user has the Teradata grant, there is nothing stopping them from connecting directly to the Teradata.
As soon as the system slows down even a little, everyone with PMON connects to the system "to see what's wrong". All those monitoring connections eat up system resources, and on small systems there is a very real possibility of hitting the PMON session limit (8 per PE I think).
This design is horribly flawed and constitutes a security problem for the system (potential denial of service attack point). We have locked down PMON and Teradata Manager to prevent this.
|Copyright 2016 - All Rights Reserved|
|Last Modified: 28 Jun 2020|