For ex. User- Demo Is default admin account, not all thousands of user has access to dev studio or client tool in cloud world, but if somehow that account is left as it is and randomly some guy try to login to the URL with this and able to get in, no wonder there is an easy chance he can blow up configs and inturn the system if he want's ;)
So just looking for all possible ways to prevent such situations. We do have workflow mechanism implemented, but non-workflow can make it more portable to add or remove such restrictions for multiple users easily. Thanks for all suggestions. Sent from my BlackBerry® smartphone from !DEA -----Original Message----- From: Joe D'Souza <[email protected]> Sender: "Action Request System discussion list(ARSList)" <[email protected]> Date: Fri, 6 Sep 2013 16:32:05 To: <[email protected]> Reply-To: [email protected] Subject: Re: Prevent MT Login Prevent guest logins.. Joe -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 4:30 PM To: [email protected] Subject: Re: Prevent MT Login Client tool I do not only refer to User Tool.. It can be dev studio, spoon client, import tool etc.. this solution if possible through a non-workflow mechanism can help in preventing unnecessary login through generic accounts over web URL which is available over internet.. Client tools access we can restrict through VPN or other ways. If there can be a mechanism to blacklist some accounts to login through web; This can be one of the major security requirements to make sure Admin accounts are not misused. Sent from my BlackBerryR smartphone from !DEA -----Original Message----- From: Joe D'Souza <[email protected]> Sender: "Action Request System discussion list(ARSList)" <[email protected]> Date: Fri, 6 Sep 2013 16:02:47 To: <[email protected]> Reply-To: [email protected] Subject: Re: Prevent MT Login PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -----Original Message----- From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: [email protected] Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ____________________________________________________________________________ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" ____________________________________________________________________________ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
