11 Replies Latest reply on Feb 17, 2014 8:17 AM by davehob

    Security - corruption of Full access account?

    davehob

      I’ve had a serious security issue with a hosted FM11 file, and wondered if anyone has any comments or advice.

      The file had one (and only one) [Full access] account. (I now realise that having only one account was a big mistake.) Somehow, one of 3 things happened – either the password for that account was changed, or the account was renamed, or it was deleted. I have no way of knowing which it was, but the net result was that I had no [Full access] access to the file.

      I have resolved the situation by cloning a backup, and importing the data to the blank clone, but the whole thing has really worried me.

      The way I see it, the issue has been caused by one of 3 things:

      1) User error, i.e. I've inadvertently changed the password, or renamed/deleted the account. Deletion of the only [Full access] account is not permitted, and renaming an account or resetting the password requires password confirmation. Add to this the fact that this file has had the same password for (literally) years; that I was, at the time, the only person who knew the password (it wasn’t even written down, anywhere); and that I was away from the office on the day that it happened, and I am left absolutely confident that I didn’t do this.


      That leaves:

      2) Malevolence, i.e. somebody has used the system and changed the password. But the only person who knew that password was me. And whilst I recognise with hindsight that this wasn't a good thing, it rules out somebody having used it illegitimately. So it hasn't been used by anybody else.

      That leaves:

      3) Malfunction/corruption. I can only think that some combination of circumstances has corrupted the security.


      Or have I missed something? I should say that, if I were reading this post, I’d be inclined to feel that it was user error of some kind, and obviously I recognise the error I have made, i.e. having only one [Full access] account, but I wouldn’t be asking for your advice if I wasn’t so confident of not having made other errors here.

      Thanks for your attention,

      Dave.