-
Security
I have had an experience that merits reflection: In one of my clients they had a person in charge of the systems area. This person found out about the existence of the DBBldr / DBExplor tools in a way that altered some records.
For this reason I have been asking DAC the possibility of assigning SAFETY KEY to these modules.
Edgar
-
Re: Security
Edgar,
Protecting application data from end users has been a feature for many years. You set the registry key dbAdminMode to OFF and both DataBase Explorer and DataBase Builder will no longer allow editing data or the data structure.
It's located in HKEY_LOCAL_MACHINE\SOFTWARE\<WOW6432Node>\Data Access Worldwide\DataFlex\19.0\Defaults
You can look up dbAdminMode in the help for more information.
-
Re: Security
hi SWM
I already know the resource, but many times we forget to reactivate dbAdminMode.
In practice, if we work in the presence of other people, you will surely learn to activate / deactivate the options.
While the security key closes suddenly and already.
Edgar
-
Re: Security
Write a small, secure program that lets you toggle [COLOR=#333333]dbAdminMode when you need it.[/COLOR] That won't fix forgetfulness but might help if it's on the screen when you're done editing the data.
-
Re: Security
Bob,
I was going to suggest the same thing - great minds... :cool:
-
Re: Security
hi Bob,SWN
That is a solution ..... personal.
I respect your opinion very much, but I think the situation is much more global and in my opinion it should be resolved from DAC. It would be a superior quality of DF.
Thank you all for your opinions
Edgar
-
Re: Security
Not clear, did the user also find the registry keys and change the registry or were the programs left in dbadmin mode? Not sure what the best solution is, not bad ones suggested above. Much bigger security problem if the user actually changed the registry (IMHO) than if they just stumbled onto the programs and tried them.
Mark
-
Re: Security
Is the problem that someone who should be able to use DBExplorer is not resetting the admin mode after using it? The default when installed is OFF, so I guess it must be.
IMO, that's a pretty serious thing to forget. The phrase "Don't do that!" comes to mind... ;)
-
Re: Security
hi all
I just did a security test (df18.2).
a. dbexplor: When "DbadminMode" is OFF and the "configure" option already has the rights suppressed "Open / be read only / zerofile allowed", the table is vulnerable because the rights are open.
Edgar
-
Re: Security
Surely one cannot claim that protecting something by a registry setting that has boolean settings such as ON/OFF is called "secure".
It is really just one google search away for anybody who is not technically challenged.
This is called "security by obscurity" and the only correct solution is to not use the DataFlex embedded database (I know, that it is not a great answer either).
Yes I would like to see this fixed, but we need better security as a registry key with the options ON/OFF/TRUE/FALSE.
Blaming support personnel for forgetting to reset this registry key while it is clearly a design issue does not help either.
--
Wil