AnsweredAssumed Answered

Security issue using cifs to connect to AVM

Question asked by harshad on Mar 28, 2007
Latest reply on Apr 20, 2007 by kevinr
I was trying out certain use cases in WCM.

In one of them I have a static JSP site which I imported in bulk and I can preview it.  I was also trying to use cifs for modifying the html (directly in my editor of preference) and other JSP files already in the individual sandboxes for various users. 

Here is how I used CIFS.

- Connected to CIFS using \\servername_a\AVM (basically mapping to the virtual server)

- For a virtual server mapped drive no checkin/checkout is provided as in normal Alfresco cifs

mapping.

- Also once you are mapped in as any user via cifs there is no security. Basically having logged as me shows me the staging sites for all other users as well and allows me to change their files. Is this a security bug?

- As recommended at many places on the forum, I tried using CIFS for editing content in Web project. However there is this security issue. If there are multiple users I could change the files for those users as well.

Am I using Cifs properly or there is any other recommended way to use it?

Thanks,

Outcomes