Showing results for 
Search instead for 
Do you mean 
Community Home Request Access Read Blogs Share Your Ideas Search Community View My Settings
Reply
Highlighted
Copper Elite Contributor
Posts: 153
Registered: ‎02-27-2010

SalesLogix Top 3 Security Concerns (7.2.2)

I thought it would helpful to identify SalesLogix's top 3 security concerns:

  1. Sensitive sysdba/sa server passwords at risk (only if remote clients) - see Remote Client Security Risks Post
  2. Attachments - All Attachments accessible to all users, typically entire company and perhaps even compromised PCs
  3. Legacy Security Risks - Users' access can be compromised via poorly secured legacy password (typically a default)

Are there others?

Are you comfortable with this?

Are your clients?

Are your clients' clients?

Are your auditors?

Is your management?

Is Sage?

 

Thanks,

Larry Esposito

 

Highlighted
Copper Elite Contributor
Posts: 153
Registered: ‎02-27-2010

Re: SalesLogix Top 3 Security Concerns (7.2.2)

Well the first issue has been resolved since SalesLogix demonstrated that the functionality is working as it should and not requiring that the sysdba/sa pws be available to the user.

 

I had a chat with RJL regarding the other 2 issues. For the Attachments folder, he suggested hiding the path with the $ suffix for the share name. I know what he's talking about but I can't explain it so you might want to talk to your BP to know more.

 

And for the SalesLogix passwords, RJL argued that you could have users set passwords prior to linking them to Windows authentication. Now no one could easily access using their password. But SLX should limit the number of tries.

 

So we have an upcoming security meeting and I feel confident I have some answers that might keep us out of hot water.

 

Thanks,

Larry Esposito