01/22/2003, 3:55pm, EST
Wednesday, January 22nd[::FROM::] [::SiteName::]
MYOB 3 security issue relating to permissions
[::digg_button::]
This is done since a temporary spool file is created here for viewing reports. I suggested that a better place for this file would be where the user has normal access. E.g. Where the data file is stored in a non-networked case, since the user needs rw permissions here anyways. In a network case, the file could be in the users home directory. (The user has to run the application off of their local machine).
Otherwise this leaves that directory (in my case the /Applications) open for
that user, or depending how the groups are setup - any user, to erase the
application, install a trojan, or any other program into a location where
everyone assumes only the admin has put programs.
They probably think I'm paranoid. To use an old cliché, an ounce of
prevention is worth a pound of cure.
[::news_tags::]
[::doclix::]
[::boottext::] [::bootmark::]
[::layout::]
[::google::]


subscribe to comments
for this article
posted by MacNN.com Reader
posted by MacNN.com Reader
posted by MacNN.com Reader
posted by MacNN.com Reader
I would call the MYOB problem an issue of a classic application being carbonized without addressing how certian things work within OSX. They should IMMEDIATELY correct this and issue a minor revision update.
posted by MacNN.com Reader