
Security issue using cifs to connect to AVM

harshad
Champ in-the-making
I was trying out certain use cases in WCM.

In one of them I have a static JSP site which I imported in bulk and I can preview it.  I was also trying to use cifs for modifying the html (directly in my editor of preference) and other JSP files already in the individual sandboxes for various users. 

Here is how I used CIFS.

- Connected to CIFS using \\servername_a\AVM (basically mapping to the virtual server)

- For a virtual server mapped drive no checkin/checkout is provided as in normal Alfresco cifs mapping.

- Also, once you are mapped in as any user via CIFS, there is no security. Basically, having logged in as me shows me the staging sites for all other users as well and allows me to change their files. Is this a security bug?

- As recommended in many places on the forum, I tried using CIFS for editing content in a Web project. However, there is this security issue. If there are multiple users, I could change the files for those users as well.

Am I using CIFS properly, or is there any other recommended way to use it?

Thanks,
3 REPLIES

eyestreet
Champ in-the-making
Hi Harshad,

When you mount the CIFS interface, what credentials are you supplying? I haven't tried with this latest release, but I thought somewhere along the way that CIFS would only show the sandboxes that particular user ID has access to. Staging will always be visible, based on the way things are now, but you should not be able to change those assets.

Well, I just tested it out here as well.  There is basically no security on the CIFS interface above and beyond the credentials you supply to mount the device.  Harshad, would you like to file the JIRA, or see if one has been filed already?  –> Tested on enterprise edition

Brent Kastner
Eye Street

harshad
Champ in-the-making
Hi Brent,

I tried with many users, with admin, with ordinary users, and on both Windows and Linux.

Once any user logs in he is able to see the entire /avm although security exists for /Alfresco.

I haven't heard from others on this on the forum for a long time though.

-harshad.

kevinr
Star Contributor
This has been raised as an issue.