• State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 23 subscribers
  • Views 800 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Bug that allows user with no NCM access to pull from config archives

clarv02

We have a local account that is configured in NCM as:  None No access to NCM functionality.

We validated no NCM access when invoking ConfigSearch like this:

swis.invoke('Cirrus.ConfigArchive', 'ConfigSearch',...)

HOWEVER, when doing a swis.query("SELECT ... FROM Cirrus.ConfigArchive"), this user is actually able to view configs.

This is an application design flaw, correct? (a security flaw)

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.