I met one big problem and need your help. We have one platform, dabase is db2, application is IBM websphere. When the developer is coding, he write account's password hard code. Someone knews this account's password.And we can not change this password. If we changed, the application is not work. Because the password is not match, seesion can not login database from WAS.
We ask for develper to fix this problem. But he said he need long time to fix it.Before he fix it, this is a risk. Someone can using command "connect to *** user *** using ****" login database and do something. We need some technical skill to control this risk.
I have one idea. I create something in database, when this account login database, it can check it. If it loging using JDBC, it's pass. If it loging using command or other client, it's fail.The database reject it's login request. But I have no idea how to do it.
Anyone can help me? How to do it? Thx.