AnsweredAssumed Answered

Security Issues

Question asked by Andries Koorzen on Mar 25, 2008
Latest reply on Mar 31, 2008 by Patrick Kennedy
Hi all. I have a potential issue with the local cache security in PDMWE.

I did a quick search through the administration guide but was unable to locate any further info on the matter so I'm now trying out the forums.

My problem is basically as follows:

A local file vault view can be deleted by me by simply right clicking on the view, selecting "Delete File Vault View", cancel (when asked to login) and then choose the option to leave the local cache intact as a normal folder. (page 309 - 310 of the adminstration guide)

Is it possible to limit this "deleting of the local view" to a logged in user? If not, I am afraid that a potential client will be lost due to security reasons (see below)

It concerns me greatly that access to sensitive information can be gained this way by deleting a view and then leaving the local cache intact for regular access. If a potential malicious attack results in information being made available through this "feature" then it renders the security of PDMWE ... well... null and void! It even has a note at the bottom of page 309 saying you don't have to log in!!!! It's like advertising the issue!

I trust that I am simply overlooking a trivial issue here - if anyone can advise it would be greatly appreciated.

Regards

Outcomes