Subject: | |
From: | |
Reply To: | |
Date: | Tue, 30 Mar 1999 17:37:05 GMT |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Jeff Vance <[log in to unmask]> wrote:
>
> 3. Non-SM cannot alter a file with a negative (PRIV) file code to
> any file code value.
>
I am very concerned about SM users being able to do that, too. Though usually
ignored, and now often by-passed, the original authors of IMAGE went out of
their way to separate SM capability and full control over databases. You need
to be the creator or know the maintenance word before you can muck with
databases. Now, someone with SM can get passwords and log on as the creator
perhaps, but there still may be other controls in place to prevent that. If an
SM user can now un-privilege a database, print out passwords and other
sensitive data, then re-privilege the database, I believe a serious security
hole will have been opened.
PRIV files should be privileged. SM should not be able to do it. An arguement
could be made for PM users, but anyone with PM should know other ways to get
the job done anyway. I say that the ALTFILE command should not be allowed to
work on negative filecodes for anyone.
Steve
|
|
|