Wednesday, September 03, 2008

Talking about users

A funny thing happened on a recent project (not saying which one, but security was a TOP priority).

The rpd used LDAP to authenticate the users. The developers (me!) had a user set up in the rpd to do the dev work.
When the rpd was published to Production, my username was deleted. The Administrator still existed with a different password.
The LDAP did not contain, nor would the rules allow for, an account called 'Administrator'.

So the rpd was very safe in Production. Problem is that no one can log in to Answers and make ANY changes to the webcat. No new groups, no changing privileges. Nothing.

How funny.

They were told, but Security is very important, don't you know!



(btw, the obvious solution they would not entertain was to have a user in the rpd that also existed in the LDAP, which was a member of the Admin group.
The workaround that should have been used is an Initialisation block to populate a WEBGROUPS variable that included a high-level group, such as Web Administrators.)
