That is just an example.. Yes everything is password protected always. If I had an admin guy who knows one of the generic admin account present on the system and guy is now not part of organization, but he still can access the company URL through internet.. as the generic account may be used by several people at a time and those passwords may not be changed so frequently. May be too complex or have limitations for non-workflow implementation but this is a very genuine use case.
Sent from my BlackBerry® smartphone from !DEA -----Original Message----- From: Joe D'Souza <jdso...@shyle.net> Sender: "Action Request System discussion list(ARSList)" <arslist@ARSLIST.ORG> Date: Fri, 6 Sep 2013 16:46:08 To: <arslist@ARSLIST.ORG> Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login First of all why is your Demo user not password protected? That's a bad bad thing.. No other user on your system except your admins should have admin access rights. Configure your system that no guest users are allowed to login - simple check box on the server information page.. Plus you can use any combination you are comfortable with on suggestions given on this thread.. Joe -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 4:40 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login For ex. User- Demo Is default admin account, not all thousands of user has access to dev studio or client tool in cloud world, but if somehow that account is left as it is and randomly some guy try to login to the URL with this and able to get in, no wonder there is an easy chance he can blow up configs and inturn the system if he want's ;) So just looking for all possible ways to prevent such situations. We do have workflow mechanism implemented, but non-workflow can make it more portable to add or remove such restrictions for multiple users easily. Thanks for all suggestions. Sent from my BlackBerryR smartphone from !DEA -----Original Message----- From: Joe D'Souza <jdso...@shyle.net> Sender: "Action Request System discussion list(ARSList)" <arslist@ARSLIST.ORG> Date: Fri, 6 Sep 2013 16:32:05 To: <arslist@ARSLIST.ORG> Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Prevent guest logins.. Joe -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 4:30 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Client tool I do not only refer to User Tool.. It can be dev studio, spoon client, import tool etc.. this solution if possible through a non-workflow mechanism can help in preventing unnecessary login through generic accounts over web URL which is available over internet.. Client tools access we can restrict through VPN or other ways. If there can be a mechanism to blacklist some accounts to login through web; This can be one of the major security requirements to make sure Admin accounts are not misused. Sent from my BlackBerryR smartphone from !DEA -----Original Message----- From: Joe D'Souza <jdso...@shyle.net> Sender: "Action Request System discussion list(ARSList)" <arslist@ARSLIST.ORG> Date: Fri, 6 Sep 2013 16:02:47 To: <arslist@ARSLIST.ORG> Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ____________________________________________________________________________ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" ____________________________________________________________________________ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" ____________________________________________________________________________ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" ____________________________________________________________________________ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
