
RE: GEMS Connect to Data Base security crack



Yep.  And if you throw your server in a swimming pool, you lose all files too.  Oooooooo -- Scary stuff kiddies[1].

 

This bug only makes sense in the context of Texas certification, as Jeff pointed out.  The whole requirement is stupid beyond redemption.  A user can put a DOS floppy in the drive and fdisk the hard drive.  Is that a security breach too?

 

Whitman, I think there might be some flags in the file open dialog to prevent delete and change directory.  Please look into this, and then set those flags if the Texas log printer entry is not null.

 

Ken

 

[1] Count Floyd was great

 

 

-----Original Message-----
From: owner-bugtrack@dieboldes.com [mailto:owner-bugtrack@dieboldes.com] On Behalf Of Tari Runyan
Sent: Wednesday, May 22, 2002 8:11 PM
To: bugtrack@dieboldes.com
Subject: Re: GEMS Connect to Data Base security crack

 

verified - scary thought

especially if they empty the recycle bin

----- Original Message -----

From: <jeffh@dieboldes.com>

To: <bugtrack@dieboldes.com>

Sent: Friday, March 22, 2002 10:48 PM

Subject: GEMS Connect to Data Base security crack

 

 

> All versions, probably
> "Load" function -> Open with -> Right mouse click on gbf -> delete gbf, etc.
>
> This is a security breach as no password is required to delete virtually any
> file on the system, along with the ability to run any application, etc.
> We should limit the functionality of the Open With and Save As dialogs or at
> least require the obligatory password prior to their invocation.
>