"mlazarus@xxxxxxxxxxxxx" <mlazarus@xxxxxxxxxxxxx> wrote:
The original poster (Shalom) was suggesting that ...
<snip>
there is a possible security hole.
I agree that this isn't a "hole". I think it comes down to the definition. I.e., is the existence of *ALLOBJ a hole? Of course it isn't. However, if there was no way to prevent access to *ALLOBJ, then a hole would exist.

In this case, there is a set of actions that can take place that cause inaccurate info to be recorded. It is possible to cause a journal to record that one user created a value, when in fact the value was created by a different user. But because it's possible to prevent that by proper application of known security principles, it isn't a "hole".

Nevertheless, this is a fairly novel idea and is well worth being made known to everyone. It clearly demonstrates that proper precautions must be taken. It provides a textbook example of why, for example, debug access to production tasks is a serious issue. The discussion illustrates for everyone who is learning from this list why the related precautionary guidelines exist.

Tom Liotta
This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work.