[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] RAQ550 - Security query
- Subject: [cobalt-users] RAQ550 - Security query
- From: Simon Kirkpatrick <simon@xxxxxxxxxxx>
- Date: Thu Mar 20 17:26:27 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
RAQ550 - via the GUI, I have been able to display a list of every
userid, across all vsites, on the system - is this correct?
Logged in to the GUI as admin and editing a vsite - adding an email
alias for an already defined vsite user. The alias apparently exists
elsewhere on the system, so the add ceases with the message in red at
the foot of the gui saying "Sorry email alias is already in use.
Please choose another..." Then a list of every userid on the system is
displayed, broken down into groups of 25 userid's, with the standard
symbols against each to allow you to edit or delete the userid.
Inconsistency - it very much depends on the sequence of events as to
whether the system displays just the users for the vsite you are
editing the aliases of, or indeed a list of every userid on the system
(across all vsites). I have managed to reproduce the full-server userid
list three times now, on other occassions just the vsites own users are
listed.
I am quite sure this does not happen with my other RAQ's (RAQ1, 2, 4r),
and am concerned as to the consequences should this happen when a
customer is logged in to administer just one vsite. Since I am not
aware of a standard admin option to produce a list of every userid,
across all vsites, I am somewhat concerned.
Is the functionality correct and hence i am making a meal out of
nothing, or is this a flaw in the 550 gui?
Kind regards
Simon