The debugger is available for ALL users in SC3SP3 with application level A9901! It is fixed in SP4 with A9902.
This means that any user can open the debugger and grant himself SysAdmin capability! >=(
[Edited by admin on 27-11-2001 at 08:44 PM GMT]
The debugger is available for ALL users in SC3SP3 with application level A9901! It is fixed in SP4 with A9902.
This means that any user can open the debugger and grant himself SysAdmin capability! >=(
[Edited by admin on 27-11-2001 at 08:44 PM GMT]
If you tell your users how they change the capability-words.... :smile:
THEN its your own fault...
Offcourse, that can be said about almost any of the security holes I know of. They are there but it does require knowledge to exploit it.
I have knowledge about a few security holes
Regards Tommy
Ok.. that debugger problem i seen already..
But honestly... i didn't look for any security-problems in SC3. Cause none of my users have that knowledge to destroy something. Not even by a mistake.
What i do of course, is i make from all important files a unload at night.. at least every 2 weeks... some important files every night. So even IF someone destroys datas or formats, links or something like that.. i have a backup from everything.
ANd we make every night a backup from our server on tape.
You dont think that should be enough?
IF someone would play around with something what he is not allowed to.. i have still the option to kick him really hard :grin:
<kidding>
How much You should do is always dependant on an assesment of risk.
For example we backup all the files every second hour. But in our sc we also register approx 22000 calls a month and approx 8000-10000 problems.
Regards Tommy
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote
Bookmarks