Security Hole for Reports

As an added precaution, you could put the more sensitive reports in another
PRL, and secure that down with NT so only the accounting staff can access
that file.

Also, make sure that the report builder prorb32.exe is locked down so users
can't edit reports (prore32.exe is the report engine that Vantage uses to
print reports; this should be left with at least read access).

$.02 - TMJ

-----Original Message-----
From: Wayne Cox [mailto:wmc@...]
Sent: Wednesday, August 01, 2001 11:37 AM
To: vantage@yahoogroups.com
Subject: [Vantage] Security Hole for Reports


Just found a neat security hole in Vantage 4.0 that has the potential to
let users into the Custom Report Link screen.

All our reports are set up as menu icons; so the shop people can run their
purchasing, material, etc. reports, but not the payroll and financial
reports that are also defined in Custom Report Link.

Here's the hole: 1) Create a menu item to a Custom Report Link. 2)
Delete the report from Custom Report Links. 3) Double-click the menu item
from #1. 4) It launches you into Custom Report Link, where you can run ANY
of the reports, or modify the links.

I have a report that identifies them on the menu. Write me off-list if
you'd like a copy.

-Wayne Cox



