Re: BYPASS privilege !!



BaxterD@xxxxxxxxxx wrote:
demarcation between OS Admins and App Admins, and while it is usually
relatively simple to restrict App Admins' access to the OS, it is much
less simple to stop a Sys Admin from messing with the App

I'll give you my experience with the defunct ST400 app for SWIFT transfers on VMS.

The app was designed to prevent tampering of the data. One file has encrypted records. There was a readable log file. But if I were to mess with the log file, the app would notice it in many ways. First, each record has a checksum as part of the SWIFT transfer.

There were also application-level privileges. For instance, if a user issued a funds transfer request above that user's limit, the request would be routed to someone with authorisation for that level of transfer.

Another example was the operators. Every night, they were the ones who sent the daily statement of transactions to each correspondent bank. To do this, they had to have an ST400 application account, but that account was restricted to 0$ transfers. So they couldn't cheat and add a few transactions in the batch to send money to their Swiss bank account.

And more importantly, while I could redirect some logical names to cause that operation to use a different file with my own transactions, the operation would still be restricted by the operator's ST400 account restriction (aka: still unable to send some money from that bank to my Swiss bank account).

Sending money to a Swiss bank account would have also required I use my personal Concorde to fly to Switzerland ASAP to withdraw the money from that account before business hours in North America, since at that time the ST400 manager would look at the overnight logs and notice outgoing funds and know to which account they had gone.

On the other hand, when you look at ALLIN1, the system manager can do a LOT of things and change people's email contents etc etc, and this is not logged and absolutely not traceable.

So one needs a properly designed application that is actively designed to prevent tampering of data.