Home Page for the TeradataForum

Archives of the TeradataForum

Message Posted: Wed, 11 Jan 2006 @ 09:16:17 GMT

  <Prev Next>   <<First <Prev Next> Last>>  

Subj:   Re: Performance Monitor Error: Monitor Access Denied
From:   Hough, David

You'd think that if you are running a Teradata Manager server delivering PMON information to the user community, the security controls would be on the Teradata Manager server not on the Teradata system. Why? Because once the user has the Teradata grant, there is nothing stopping them from connecting directly to the Teradata.

As soon as the system slows down even a little, everyone with PMON connects to the system "to see what's wrong". All those monitoring connections eat up system resources, and on small systems there is a very real possibility of hitting the PMON session limit (8 per PE I think).

This design is horribly flawed and constitutes a security problem for the system (potential denial of service attack point). We have locked down PMON and Teradata Manager to prevent this.

/dave hough

  <Prev Next>   <<First <Prev Next> Last>>  
  Top Home Privacy Feedback  
Copyright for the TeradataForum (TDATA-L), Manta BlueSky    
Copyright 2016 - All Rights Reserved    
Last Modified: 28 Jun 2020