Re: ISSUE/RISK Security Hole
From: Gary L. Chefetz \(MVP\) ("Gary)
Date: 02/26/05
- Next message: Gary L. Chefetz \(MVP\): "Re: Help ! Japanese MUI, Grid data not visible"
- Previous message: Gary L. Chefetz \(MVP\): "Re: Time*** HELP !!!"
- In reply to: Tim: "RE: ISSUE/RISK Security Hole"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 25 Feb 2005 20:24:53 -0500
Tim,
Of course it overrides the groups assignments, or in this case lack there
of, in the WSS groups.
-- Gary L. Chefetz, MVP "We wrote the books on Project Server" http://www.msprojectexperts.com For Project Server FAQs visit http://www.projectserverexperts.com For Project FAQs visit http://www.mvps.org/project - "Tim" <Tim@discussions.microsoft.com> wrote in message news:B8B481C3-A955-415A-B310-C45BB61DA02A@microsoft.com... > For those of you who care, I found the issue. Even though I was set up as a > team member in Project Server, which rightfully denied me access to the WSS > site via. Project Server, I was a member of the Local Administrator domain > account on the server which for some reason overrides the WSS controls. So > bottom line, the WSS controls were still in effect regardless of how I > entered the site. That's a good thing. > > "Tim" wrote: > > > I know that the security controls are good when one enters via the project > > server, however; if someone enters the WSS URL without going through PWA, > > then I found that it is wide open. > > > > i.e. https://servername/projectserver/issues/IssueShell.asp?ProjID=124 > > (Controls works fine.) > > > > https://servername/sites/projectserver_124/default.aspx (allows access when > > it should not.) > > > > Anyone know how to close this hole? > > > >
- Next message: Gary L. Chefetz \(MVP\): "Re: Help ! Japanese MUI, Grid data not visible"
- Previous message: Gary L. Chefetz \(MVP\): "Re: Time*** HELP !!!"
- In reply to: Tim: "RE: ISSUE/RISK Security Hole"
- Messages sorted by: [ date ] [ thread ]
