Comments on: Security loophole found in Groove 2007 Files Tool http://www.buit.org/2007/02/09/security-loophole-found-in-groove-2007-files-tool/ Innovative Technology presented by Innovative People Wed, 10 Mar 2010 15:33:20 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Jeroen Jansen http://www.buit.org/2007/02/09/security-loophole-found-in-groove-2007-files-tool/comment-page-1/#comment-26276 Jeroen Jansen Fri, 12 Oct 2007 11:12:13 +0000 http://www.buit.org/2007/02/09/security-loophole-found-in-groove-2007-files-tool/#comment-26276 Hi Luc, If you are in a workspace then you have always the read right. That is the lowest right sort of speak. The Guest role has that permission by default. You have three roles by default, Manager, Participant and guest. As a manager of a workspace you can edit the security per rol and not per user. If we don't want user in a workspace to go to some specific folder then an option van be to create a new workspace. And putting links to those files and folders in the original workspace. Then only invited users to the new workspace can use the links to get to the data. I hope this some kind of solution for you. If not or you have any questions please let me know. see ya Jeroen Jansen Hi Luc,

If you are in a workspace then you have always the read right. That is the lowest right sort of speak. The Guest role has that permission by default.
You have three roles by default, Manager, Participant and guest. As a manager of a workspace you can edit the security per rol and not per user. If we don’t want user in a workspace to go to some specific folder then an option van be to create a new workspace. And putting links to those files and folders in the original workspace. Then only invited users to the new workspace can use the links to get to the data.

I hope this some kind of solution for you. If not or you have any questions please let me know.

see ya

Jeroen Jansen

]]> By: luc.slenders http://www.buit.org/2007/02/09/security-loophole-found-in-groove-2007-files-tool/comment-page-1/#comment-26185 luc.slenders Wed, 10 Oct 2007 08:22:41 +0000 http://www.buit.org/2007/02/09/security-loophole-found-in-groove-2007-files-tool/#comment-26185 Hi, I've got a question about permissions, not directly related on this bug, but I coudn't find a better pleace to post :) Is there a way to give "read" permission/restriction into the security of Groove? In a different folders in my root folder. 1 of these folders may not readable for some users in the workspace. Is this possible? I think they forgotten the read-permission in the permissionoptions... :( is there maybe a work around? Hi,

I’ve got a question about permissions, not directly related on this bug, but I coudn’t find a better pleace to post :)

Is there a way to give “read” permission/restriction into the security of Groove?

In a different folders in my root folder. 1 of these folders may not readable for some users in the workspace.

Is this possible? I think they forgotten the read-permission in the permissionoptions… :(

is there maybe a work around?

]]> By: abbott lowell http://www.buit.org/2007/02/09/security-loophole-found-in-groove-2007-files-tool/comment-page-1/#comment-1825 abbott lowell Wed, 14 Feb 2007 10:31:23 +0000 http://www.buit.org/2007/02/09/security-loophole-found-in-groove-2007-files-tool/#comment-1825 Hey Kevin, thanks for pointing this out. I've spoken with development about this, and we now have a bug open. Thanks for raising the awareness. i' ve also posted a link, and some additional information, on http://blogs.technet.com/groove. I agree with Jeroen's post that I wouldn't nescessarily recomend disabling this permission for members in the space. Hey Kevin,
thanks for pointing this out. I’ve spoken with development about this, and we now have a bug open. Thanks for raising the awareness. i’ ve also posted a link, and some additional information, on http://blogs.technet.com/groove. I agree with Jeroen’s post that I wouldn’t nescessarily recomend disabling this permission for members in the space.

]]> By: Jeroen Jansen http://www.buit.org/2007/02/09/security-loophole-found-in-groove-2007-files-tool/comment-page-1/#comment-1634 Jeroen Jansen Sun, 11 Feb 2007 08:05:18 +0000 http://www.buit.org/2007/02/09/security-loophole-found-in-groove-2007-files-tool/#comment-1634 Be aware that by changing this permission you don't have the right of changing someone else his file content. And maybe you need that permission. So be aware. The loophole is there but you need to think if you really need to change that permission. Groove is tool for working together on files and other stuff and changing this permission would undermine the functionality of Groove. But that still means that Kevin is right about the loophole being there. And it need to be addressed. See ya, Jeroen Be aware that by changing this permission you don’t have the right of changing someone else his file content. And maybe you need that permission. So be aware. The loophole is there but you need to think if you really need to change that permission.
Groove is tool for working together on files and other stuff and changing this permission would undermine the functionality of Groove.
But that still means that Kevin is right about the loophole being there. And it need to be addressed.

See ya,

Jeroen

]]> By: Kevin Reeuwijk http://www.buit.org/2007/02/09/security-loophole-found-in-groove-2007-files-tool/comment-page-1/#comment-1605 Kevin Reeuwijk Sat, 10 Feb 2007 13:35:50 +0000 http://www.buit.org/2007/02/09/security-loophole-found-in-groove-2007-files-tool/#comment-1605 First go to the Files tool in your workspace, then right-click on the root folder and select 'Properties', then go to the 'Permissions' tab. Repeat the procedure for every Files tool in every workspace that you need the extra security for. First go to the Files tool in your workspace, then right-click on the root folder and select ‘Properties’, then go to the ‘Permissions’ tab. Repeat the procedure for every Files tool in every workspace that you need the extra security for.

]]> By: Stefan Stranger http://www.buit.org/2007/02/09/security-loophole-found-in-groove-2007-files-tool/comment-page-1/#comment-1604 Stefan Stranger Sat, 10 Feb 2007 10:11:30 +0000 http://www.buit.org/2007/02/09/security-loophole-found-in-groove-2007-files-tool/#comment-1604 How do you remove the "Modify files" permission for the Participant Role? I don't see this permission for the Participant Role. See screenshot on http://weblog.stranger.nl/files/images/GroovePermissions.png Regards, Stefan Stranger http://weblog.stranger.nl How do you remove the “Modify files” permission for the Participant Role? I don’t see this permission for the Participant Role.

See screenshot on http://weblog.stranger.nl/files/images/GroovePermissions.png

Regards,
Stefan Stranger
http://weblog.stranger.nl

]]>