MYOB 3 security issue relating to permissions

[::related_name_google::] [::related_name_google1::]

[::related_stories_google::] [::related_products_google::]

A reader notes a security issue with MYOB 3 relating to permissions. "I've had an ongoing discussion with the tech support about permissions required to run the program. What it boils down to is this, the normal user of the program is required to have access permissions, rwx, to the MYOB applications directory..."

[::digg_button::]

This is done since a temporary spool file is created here for viewing reports. I suggested that a better place for this file would be where the user has normal access. E.g. Where the data file is stored in a non-networked case, since the user needs rw permissions here anyways. In a network case, the file could be in the users home directory. (The user has to run the application off of their local machine).

Otherwise this leaves that directory (in my case the /Applications) open for
that user, or depending how the groups are setup - any user, to erase the
application, install a trojan, or any other program into a location where
everyone assumes only the admin has put programs.

They probably think I'm paranoid. To use an old cliché, an ounce of
prevention is worth a pound of cure.

[::news_tags::]

[::delicious::][::slashdot::][::digg::][::buzz::] [::twitter::],

[::doclix::]

[::boottext::] [::bootmark::]

[::layout::]

[::google::]

5 comments

Reader Reactions

subscribe to comments
for this article

102959 01/22, 4:44pm, EST Ummm

Could it be handled a lot simply by putting MYOB in a sub-folder, and giving access to only that? Cures half the ills at least. Second step, specifically then change the permissions on the application file to not allow it to be replaced by users of that group (what, r-x?).

posted by MacNN.com Reader

102997 01/22, 7:15pm, EST Stupid like Quicken 2003

Quicken 2003 also proposes to create it's data file in the Applications folder. How stupid. The programmers need to get their mindset around the fact that the Applications folder is read-only for anyone except someone with Admin proviliges. User files go in their "Documents" folder. Duh!

posted by MacNN.com Reader

102999 01/22, 7:20pm, EST Cheap OS 9 port anyone?

Cheap, cheap, cheap, cheap, cheap.

posted by MacNN.com Reader

103023 01/22, 10:50pm, EST Re: Like Quicken 2003

I never understood the 'suggestion' to store your data file with the app (I guess it makes it easy for them to upgrade the file every year they update Quicken with a new whiz-bang feature - yeah, that's sarcastic). I've never stored it there, though, and at least its not required. However, they do require access to the directory to store (a) the Quicken Quotes file, and (b) store the backups of your quicken files. You really think they'd learn something. I'm sure on Windows they probably don't require such garbage.

posted by MacNN.com Reader

103053 01/23, 9:20am, EST Library Preferencces

Most of the "spool" type files, or "cache" type files in OSX are temporarily stored in the users home directory Library folder or in a sub folder within Library.

I would call the MYOB problem an issue of a classic application being carbonized without addressing how certian things work within OSX. They should IMMEDIATELY correct this and issue a minor revision update.

posted by MacNN.com Reader

Your Comments

Not a member of the MacNN forums? Register now for free.

Want To Sell Your Laptop? Any Condition - receive Top Cash. Get an instant quote. Free shipping www.CashForLaptops.com

Internet Marketing School - 100% Online: Master SEO, SEM, E Commerce, Media & More with a U of San Francisco Certificate.

Autodesk Inventor For Digital Prototypes: Use Inventor To Virtually Model, Test, and Iterate in 3D & Get To Market Faster!

Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.

Have your product or service listed here.