Documentum D2: About D2 returns dfc.properties

If you click on the About D2 link, it returns the complete dfc.properties file which may include your servername or ip address. This is a security vulnerability. To resolve this issue, open the D2.war and D2-Config.war files, find the following file:

WEB-INF/lib/D2FS4DCTM-WEB-4.5.0.jar

Open the file above and find the following file:

xml/dialog/AboutDialog.xml
Comment out the lines below:
<tab id="tabDebug" condition_visible="getValue(ctrlKey).notEquals('') &amp;&amp; getValue(altKey).notEquals('')">
                        <memo id="properties" rows="18" wrap="off" condition_enabled="false" assistance_type="java" assistance_java="com.emc.d2fs.dctm.ui.assistances.DebugProperties">

                        </memo>
</tab>
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s