If Your users don't absolutely need the ability to save own inboxes then disable the feature because with the right knowledge it is possible to construct an inbox that grants the user executing it admin rights.
If Your users don't absolutely need the ability to save own inboxes then disable the feature because with the right knowledge it is possible to construct an inbox that grants the user executing it admin rights.
How can a user do that? :red:
I would be interested of a short example in some sort of a way (not here, necessarily...can be mailed to my e-mail address) :smile: :smile:
I can send the exact frase to You on monday. I don't have it at home.
But it involves using parse / evalute and setting the capability words to SysAdmin.
well, thanks!
I know I could probably figure it out from what you now mentioned, but if you don't mind sending it, that would save me some time - which I can use to run some other tests on my home copy of SC
Interesting to see if the inbox query works on the SC 4.02 that I have.
Another thing; this one about that anubis again: I found a reference to the anubis files also on page 12-4 of the "Data Administration Guide"... and it is mentioned that the anubiscontrol file is 'a reference file to define which processes should be tracked'. This could mean that the information from Peregrine is slightly incorrect; that the process does not have to be defined among the default startup processes (as long as it has been defined in the anubiscontrol file). On the other hand, I haven't tested this yet, so I'm not sure if that's the case.
regards,
Jarmo
I did test the inbox security bug on 4.0.6 today and it is still an issue. The issue has been raised as a bug and Peregrine have told me that it will be corrected they just don't know when.
Hi!
I am also interested in an example of this and would be grateful if you could email it to me?
Many thanks,
Björn Kihlberg
bjorn.kihlberg@cygate.se
Originally Posted by tommy
Ok, thats good.
We are currently using 4.0.6 so it still applies to our system i think. Can you email an example?
Regards,
Björn
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote
Bookmarks