This what I was able to do witgh a 2.60 D client : 1/ Create a new DB 2/ Restore a Backup 3/ Go to tools\users\security\database logins 4/ delete all the users set up there Conclusion : anyone who’s got a NF backup in their hand can get access to all companies data. firstname.lastname@example.org Edited by - Tarek Demiati on 2001 Feb 26 13:31:13
You are correct. That is why access to backups should be controlled via NT security.
Tarek It has been like that since Version 1.00. Navision are aware of it, so hopefully one day they will add security encription to the Backup file. David Cox MindSource (UK) Limited Navision Solutions Partner Email: email@example.com Web: www.mindsource.co.uk
One way around it is to only allow trusted users to actually do a backup. However, this is no excuse for the security flaw! In the character based product - Navision Classic - you were prompted for a user name and password when the backup was imported before you could do anything else. Lars Strøm Valsted Head of Project and Analysis Columbus IT Partner A/S
Many versions have been gone out since the first notice of this security flaw but Navision has done nothing yet to solve it… why should expect they solve this flaw in a soon future? The only good point is when you forgot your password or make a mistake on creating users rights disabling the super user (for example) and you have a really recent backup done Or when needing to analyze a client’s database for an update/modification and unknowning their passwords (you don’t need to have them… just a backup…) – Alfonso Pertierra firstname.lastname@example.org Spain
I heard rumours that in NF version 8.70 which is scheduled to be released in 3rd Quarter 2037 this bug should be fixed. Hey, wait a minute! I will be retired by then ------- With best regards from Switzerland Marcus Fabian
The actual reason for doing this (as opposed to 3.56 which had passwords) is that the bakup is not encrypted, but users gained a false sense of security by the fact that a password was requested. I agree that Navision should encrypt the database, (or at least make it available as an option).
I don’t think that Navision security is very power. last week, I forgot my password, so I also can entry Navision just spend 2 workdays.
That would be interessting to all of us, if you could tell us, how you “cracked” your navision password… Brgds Roland
That is NOT cracked password, Just for forgoet my password myself. I think that solution we should NOT discuss. Because I also think Navision software is very well. even some place have a little problem.