|
|
|||
|
|||
|
Hello,
After speaking to someone at Support @ it has come to my attention that the security on the database seems pretty relaxed. During my conversation with support it has come to my attention that it would be possible for a digruntled employee to simply copy (or even delete!) the database files and extract the information from them. What plans do CommitCRM have in place to address this issue (if any) and what steps (other than backups) have other users taken to protect their database? Thanks Samuel |
|
|
|||
|
|||
|
Hi Samuel,
Employees that want to hurt the business they work at can do it in many different ways and it is out of the scope of RangerMSP to handle this. I think that in case an employee damages any of your business assets you have more than enough legal rights to make them pay for the damages. Anyway, a good backup is always recommended, whether it's for RangerMSP database or for any other files/data you have. Doron |
|
|
|||
|
|||
|
Hello,
Yes I understand what your saying but the information in the database is crucial and CommitCRM should be providing stricter security functions and the ability to protect the database. For example a lot of systems use MS-SQL and only certain administrators may complete certain functions on the database while lesser employees/administrators can only read/write to the databse. |
|
|
|||
|
|||
|
Samuel,
By upgrading to the CommitCRM SQL database option you should be able to address this security concern. It should afford you all of the same client/server security options as MS-SQL. Also it adds in better ODBC DB access, support for terminal server environments, and better performance over the file based CommitCRM DB. Compared to the expense of MS-SQL it is cheap. Vernon Southmayd Creative Computing http://twitter.com/VernonSouthmayd |
|
|
|||
|
|||
|
Hello,
From the sounds of it CommitCRM doesn't agree. "The SQL version helps to enhance performance and makes your system more robust. It is also required when working with server-based remote access tools, such as Terminal Services. The security is not a factor in this case as the data is saved in a similar way as using the non-server-based database. Anyway, once a user has full access rights to the database folders, they can copy the files and will probably have access to the data…" Regards, Sam |
|
|
|||
|
|||
|
Hi All,
We would like to put some more light on this. I believe that our original reply to Sam wasn't completely accurate (sorry for the confusion). RangerMSP SQL Database should help with this, it is just that this alone won't prevent employees that want to damage your business from doing so... When RangerMSP SQL Database is in use, all database transactions are handled on the server alone and the server is the only one that accesses the database files. I recommend that you try to following - According to the way you handle privileges on your server, you should remove all edit/delete/etc privileges from all of your employees Windows users from all of the database files. Just make sure the Local System user on your server (and probably Administrators) do have access to these files, otherwise the SQL server itself will fail to access the database. FYI, Database files have .adt, .adm and .adi extensions and are stored on your server under the RangerMSP\Db folder. It is important that you will remove the privileges to specific database files and not from the entire RangerMSP\Db folder, as other files may exist or be created there as well. Doron |
