I'm still debating the upgrade to 5.0, but it still seems to me that the
ODBC drivers would have to be configured on each workstation. There has to
be some way to control their use through policies or something.
-----Original Message-----
From: Dina Hieber [mailto:dhieber@...]
Sent: Thursday, February 22, 2001 12:43 PM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] Vantage security and ODBC
Brian,
If I read correctly, the ODBC in emanufacturing version 5.0 is automatically
installed on your client. You do not have a choice. I have not verified
this.
But can someone running 5.0 verify? - If this is the case I will think
twice
about going live with 5.0 until there is better security.
Best Regards,
Dina
Brian Davis wrote:
vantage-unsubscribe@egroups.com
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
ODBC drivers would have to be configured on each workstation. There has to
be some way to control their use through policies or something.
-----Original Message-----
From: Dina Hieber [mailto:dhieber@...]
Sent: Thursday, February 22, 2001 12:43 PM
To: vantage@yahoogroups.com
Subject: Re: [Vantage] Vantage security and ODBC
Brian,
If I read correctly, the ODBC in emanufacturing version 5.0 is automatically
installed on your client. You do not have a choice. I have not verified
this.
But can someone running 5.0 verify? - If this is the case I will think
twice
about going live with 5.0 until there is better security.
Best Regards,
Dina
Brian Davis wrote:
> In my estimation, it's my responsibility (not Epicor's) to make sure thethe
> system is not wide open to the users. They have implemented their own
> security in their own application, and provided the necessary tools to
> administer it from and IS/IT admin. We (their customers) have demanded
> ability to access the data via ODBC. Maybe we should be careful what weask
> for. After all, it's up to us to either install or not install thedrivers
> on the workstations. In Scott's case, I understand that the company ishttp://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.htm
> pushing it on him. But isn't this a management responsibility within his
> company, and not really reflective of Epicor?
>
> -----Original Message-----
> From: Ted Kitch [mailto:ted@...]
> Sent: Thursday, February 22, 2001 7:32 AM
> To: 'vantage@yahoogroups.com'
> Subject: RE: [Vantage] Vantage security and ODBC
>
> There really isn't a lot that can be done regarding security using ODBC.
> ODBC was setup to use the database security of the DBMS itself. Here is a
> KB article from Progress regarding security -
>
> l?kbid=14081<http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.ht
>
> ml?kbid=14081> Epicor uses their own security in Vantage. I believe thathave
> you could implement Progress database security, but then everyone would
> to log on twice to access Vantage, once into Progress and once intoVantage.
>this
>
> The payroll tables are not accessible via ODBC in v4. I haven't tried
> with v5 yet. I view it just a little irresponsible, on Epicor's part, toa
> leave a corporate wide system wide open like this. Nothing gets the blood
> boiling like everyone in the company finding out where the money goes and
> who gets how much of it.
>
> Ted Kitch
> ted@...
>
> -----Original Message-----
> From: Lepley, Scott A. [mailto:sal@...]
> Sent: Thursday, February 22, 2001 7:59 AM
> To: 'vantage@yahoogroups.com'
> Subject: RE: [Vantage] Vantage security and ODBC
>
> Thanks for the reply, Joe. I should have mentioned that we are using
> version 3.00.632. Regarding payroll, I understood that the payroll table
> was encrypted and therefore could be read only through Vantage. Was this
> true in ver. 3 and now isn't in ver. 5? Additionally, I understand that,
> even if the payroll table is encrypted, this does nothing to protect labor
> rate information that may be stored in tables related to job management.
>
> I welcome additional comments.
>
> Regards,
> Scott
>
> -----Original Message-----
> From: Joe Konecny [mailto:jkonecn@...]
> Sent: Thursday, February 22, 2001 8:19 AM
> To: vantage@yahoogroups.com
> Subject: Re: [Vantage] Vantage security and ODBC
>
> The whole database is wide open with ODBC including payroll. Also
> consider that v5 installs odbc by default on each workstation
> like it or not. All they need is the host name, database name
> and the port number. That info is easy to get. So really any user
> anywhere can use ODBC and get at payroll or any other table.
>
> That said... I'm very glad ODBC access is there and fortunately
> none of our users know anything about ODBC.
>
> Troy Funte wrote:
> >
> > What I've heard on the list before, is that you want Access to have Read
> only links. Otherwise there is the risk of Access changing Vantage data in
> compromising way - meaning there are no checks and balances and data couldexported
> be corrupted. The SAFEST way to use Access is to import it from an
> file. By linking directly through ODBC, it would be hard, in my opinionto
> maintain any kind of security on the database. A user could corrupt thestuff.
> database, or have access to confidential information such as payroll
> >appreciate
> > I'm no expert, but these are some of the things I've heard. There are
> probably others on the list who could give you more detail.
> >
> > Troy Funte
> > Liberty Electronics
> > ----- Original Message -----
> > From: Lepley, Scott A.
> > To: Vantage YahooGroup (E-mail)
> > Cc: O'Rourke, Kevin P.
> > Sent: Wednesday, February 21, 2001 4:45 PM
> > Subject: [Vantage] Vantage security and ODBC
> >
> > I'm sure this has been discussed previously, but I sure would
> itwishes
> > if some users would be willing to respond again regarding this issue.
> >
> > The situation here at this company is the following. The Customer
> Service
> > Supervisor here is knowledgeable about databases. He is currently
> > developing a customer service application in Microsoft Access and
> touncomfortable
> > establish connections between Access and Vantage using ODBC
> functionality.
> > I am the person responsible for coordinating the company's use of
> Vantage.
> > I have no control over the application development. I am
> > providing this functionality because of security concerns. As far asI
> > know, if I implement ODBC, it will allow access to all of the Progresshttp://docs.yahoo.com/info/terms/
> > tables, except payroll, and thereby circumvent the access controls
> > established in Vantage. Everything that I have been able to learn so
> far
> > about this issue seems to confirm my concern. If my concern is
> legitimate,
> > are there any ways to mitigate this security risk?
> >
> > Regards,
> > Scott A. Lepley
> > Systems Administrator
> > Mauell Corporation
> > 31 Old Cabin Hollow Road
> > Dillsburg PA 17019-8815
> > Phone: 717-432-8686, ext. 14
> > Fax: 717-432-8688
> > Email: sal@...
> >
> > [Non-text portions of this message have been removed]
> >
> > Yahoo! Groups Sponsor
> >
> > Click here for Classmates.com
> >
> >
> > To unsubscribe from this group, send an email to:
> > vantage-unsubscribe@egroups.com
> >
> > Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
> >
> > [Non-text portions of this message have been removed]
> >
> >
> > To unsubscribe from this group, send an email to:
> > vantage-unsubscribe@egroups.com
> >
> >
> >
> > Your use of Yahoo! Groups is subject to
> <http://docs.yahoo.com/info/terms/>http://rd.yahoo.com/M=163100.1330039.2920210.2/D=egroupmail/S=1700007183:N/
> < http://docs.yahoo.com/info/terms/ <http://docs.yahoo.com/info/terms/> >
>
> Yahoo! Groups Sponsor
>
> <
>
><http://rd.yahoo.com/M=163100.1330039.2920210.2/D=egroupmail/S=1700007183:N/
> >http://us.adserver.yahoo.com/l?M=163100.1330039.2920210.2/D=egroupmail/S=17
> A=524804/* http://www.classmates.com/index.tf?s=2629
> <http://www.classmates.com/index.tf?s=2629> > Classmates.com
> Click here for Classmates.com
>
> <
>
><http://us.adserver.yahoo.com/l?M=163100.1330039.2920210.2/D=egroupmail/S=17
> ><http://rd.yahoo.com/M=163100.1330039.2920210.2/D=egroupmail/S=1700007183:N/
> 00007183:N/A=524804/rand=582186115>
>
> To unsubscribe from this group, send an email to:
> vantage-unsubscribe@egroups.com
>
> Your use of Yahoo! Groups is subject to the Yahoo!
> < http://docs.yahoo.com/info/terms/ <http://docs.yahoo.com/info/terms/> >
> Terms of Service.
>
> [Non-text portions of this message have been removed]
>
> Yahoo! Groups Sponsor
>
>
>
> A=524804/*http://www.classmates.com/index.tf?s=2629> Classmates.com<http://us.adserver.yahoo.com/l?M=163100.1330039.2920210.2/D=egroupmail/S=17
> Click here for Classmates.com
>
>
>
> 00007183:N/A=524804/rand=801979269>To unsubscribe from this group, send an email to:
>
> To unsubscribe from this group, send an email to:
> vantage-unsubscribe@egroups.com
>
> Your use of Yahoo! Groups is subject to the Yahoo!
> <http://docs.yahoo.com/info/terms/> Terms of Service.
>
> [Non-text portions of this message have been removed]
>
> To unsubscribe from this group, send an email to:
> vantage-unsubscribe@egroups.com
>
>
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
>
> To unsubscribe from this group, send an email to:
> vantage-unsubscribe@egroups.com
>
>
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
vantage-unsubscribe@egroups.com
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/