toggle

AAPL Stock: 523.69 ( + 14.23 )

MYOB 3 security issue relating to permissions

updated 03:55 pm EST, Wed January 22, 2003


A reader notes a security issue with relating to permissions. "I've had an ongoing discussion with the tech support about permissions required to run the program. What it boils down to is this, the normal user of the program is required to have access permissions, rwx, to the MYOB applications directory..."

This is done since a temporary spool file is created here for viewing reports. I suggested that a better place for this file would be where the user has normal access. E.g. Where the data file is stored in a non-networked case, since the user needs rw permissions here anyways. In a network case, the file could be in the users home directory. (The user has to run the application off of their local machine).



Otherwise this leaves that directory (in my case the /Applications) open for
that user, or depending how the groups are setup - any user, to erase the
application, install a trojan, or any other program into a location where
everyone assumes only the admin has put programs.



They probably think I'm paranoid. To use an old cliché, an ounce of
prevention is worth a pound of cure.


by MacNN Staff

print
email
(5)

TAGS :

 audio

Related Articles

Recent Articles

toggle

Comments

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0
    01/22, 04:44pm | report spam | Reply |

    Ummm

    Could it be handled a lot simply by putting MYOB in a sub-folder, and giving access to only that? Cures half the ills at least. Second step, specifically then change the permissions on the application file to not allow it to be replaced by users of that group (what, r-x?).

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0
    01/22, 07:15pm | report spam | Reply |

    Stupid like Quicken 2003

    Quicken 2003 also proposes to create it's data file in the Applications folder. How stupid. The programmers need to get their mindset around the fact that the Applications folder is read-only for anyone except someone with Admin proviliges. User files go in their "Documents" folder. Duh!

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0
    01/22, 07:20pm | report spam | Reply |

    Cheap OS 9 port anyone?

    Cheap, cheap, cheap, cheap, cheap.

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0
    01/22, 10:50pm | report spam | Reply |

    Re: Like Quicken 2003

    I never understood the 'suggestion' to store your data file with the app (I guess it makes it easy for them to upgrade the file every year they update Quicken with a new whiz-bang feature - yeah, that's sarcastic). I've never stored it there, though, and at least its not required. However, they do require access to the directory to store (a) the Quicken Quotes file, and (b) store the backups of your quicken files. You really think they'd learn something. I'm sure on Windows they probably don't require such garbage.

  1. MacNN.com Reader

    Fresh-Faced Recruit

    Joined: Jul 2001

    0
    01/23, 09:20am | report spam | Reply |

    Library Preferencces

    Most of the "spool" type files, or "cache" type files in OSX are temporarily stored in the users home directory Library folder or in a sub folder within Library.

    I would call the MYOB problem an issue of a classic application being carbonized without addressing how certian things work within OSX. They should IMMEDIATELY correct this and issue a minor revision update.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

10 Most Read

Recent Reviews

Logitech Cube

The world of mice could often be described charitably as stagnant: it's an endless sea of ergonomic shapes that assume you're sitting ...

NewerTech and Targus USB Hubs For Gifts

A useful holiday present to resolve an ongoing frustration is a multi-port hub. Whether as a stocking stuffer, Chanukah present, or an ...

X-Rite ColorMunki Photo

Color calibration is the art of tweaking your monitor so that the colors represented on screen better match real life and your printer ...

toggle

Most Commented

10 Most Discussed

 

Popular News