Re: password policy with regard to application userid



It depends on the application, and the level of privileges that the
account has and also the auditing of the account usage.

If you are regularly auditing the account, and it only has user-level
privileges, then a once-a-year password change should suffice.

One other thing to check is how the application is using the account.
As long as the application is Kerberos-enabled, and is NOT
transmitting the username/password on the network, then you don't need
to worry about somebody sniffing out the password.

For example, ADSI calls from IIS do not transmit the username/password
over the network, so using an account with more privileges to run a web
application is not a serious risk.


saqib
http://www.full-disk-encryption.net

On 31 May 2007 07:30:01 -0000, u.bodalina@xxxxxxxxx
<u.bodalina@xxxxxxxxx> wrote:
What would be a reasonable password policy with regard to userids used in applications?

For example, Business Objects needs a system-level userid to integrate with Active Directory. What would the security implications be if this userid's password wasn't changed?

Standard users follow a policy in which they have to change their password every two months.

Thanks




--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net


