 | Security leak with GMOL |  |
 Posted: Tue Nov 02, 2010 9:32 am |
Points: 0  |
|
| rowland |
| n00b |
|
 |
| Joined: 02 Nov 2010 |
| Posts: 4 |
| Location: UK |
|
|
|
|
|
 |
|
| We have recently started using the Outlook Link and we have found a serious security problem. Frontier Software have proved that they have solved this leak in the Premium Edition but we do not have the considerable funds required to upgrade to Premium. Basically if a staff member wants to read the internal emails of a senior manager they create a dummy company and add the senior manager as a contact. Since all sent emails are defaulted to be recorded in the GM history, any email sent to the senior manager is recorded and can be read by the staff member. Curtaining does not solve the problem as the contact can be moved to another company even if the primary company is curtained. GM suggest an AP to run regularly to wipe the emails out of the history or a SQL trigger to do the same. Has no one else noticed this? |
|
|
|
|
| | |
| Posted: Tue Nov 02, 2010 10:06 am |
Points: 0 |
|
| DougCastell |
| GoldMine Guru |
|
|
| Joined: 15 Jun 2006 |
| Posts: 1639 |
| Location: Los Angeles, CA |
|
|
|
|
|
|
|
| very few installations use the setting to automatically link mail. If you do, you will end up with mail being automatically linked that you may or may not want to be linked and will have to deal with it on your own. |
|
|
|
|
| Posted: Tue Nov 02, 2010 10:13 am |
Points: 0 |
|
| rowland |
| n00b |
|
|
| Joined: 02 Nov 2010 |
| Posts: 4 |
| Location: UK |
|
|
|
|
|
|
|
| Even if I don't turn this feature on as standard the users many turn it on. Anyway if it is not turned on then the users are bound to forget to link any emails that they send to the GM contacts |
|
|
|
|
| Posted: Wed Nov 03, 2010 2:21 am |
Points: 0 |
|
| ronanc |
| GoldMine Veteran |
|
|
| Joined: 10 Sep 2007 |
| Posts: 723 |
|
|
|
|
|
|
|
|
| I havent tested this, but if you create a record, add all the managers emails to the record, curtain it, then remove delete rights from users, does this allow them to move the email address to another record? In my head it shouldnt, but I could be wrong. |
|
|
|
|
| Posted: Wed Nov 03, 2010 6:29 am |
Points: 0 |
|
| rowland |
| n00b |
|
|
| Joined: 02 Nov 2010 |
| Posts: 4 |
| Location: UK |
|
|
|
|
|
|
|
| Even if the record is curtained a user can create a new company and when he attaches the manager as a contact a pop-up appears saying this contact is attached to another company do you wish to move it. He says yes and it is moved and the emails pile up in the new company |
|
|
|
|
| Posted: Thu Nov 04, 2010 2:19 am |
Points: 0 |
|
| ronanc |
| GoldMine Veteran |
|
|
| Joined: 10 Sep 2007 |
| Posts: 723 |
|
|
|
|
|
|
|
|
| Even with delete rights turned off the user can move the email address? |
|
|
|
|
| Posted: Mon Nov 08, 2010 4:18 am |
Points: 0 |
|
| rowland |
| n00b |
|
|
| Joined: 02 Nov 2010 |
| Posts: 4 |
| Location: UK |
|
|
|
|
|
|
|
| I have just removed the right for ordinary users to delete, or modify a contacts details. I haven't tested the scenario in that state yet but it is not a situation i want to keep as I want the users to be able to add and modify contacts. |
|
|
|
|
ContactReview Forum Index » GoldMine 7 (Corporate Edition)
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT - 7 Hours
Page 1 of 1
|
|
|
|
Brought to you by Castell Computers, Doug Castell, Admin
Powered by phpBB © 2001-2004 phpBB Group
Theme created by Vjacheslav Trushkin
|
