企业绩效管理网

Isn't TM1 Vulnerable due to file structure?

Posted on 2014-3-16 07:28:13
Hi Everyone,

I've worked on Cognos Planning for a year and recently have started working on TM1.
One major difference I found in TM1 is that it doesn't use a database at all and everything is stored in a folder on a drive.
However, this also brings to my mind that it is very vulnerable, as anybody can edit/see/extract information from those files.
I tried searching for a thread on this topic using keywords, however I could not find one.
Please direct me to one in case there is one.
Posted on 2014-3-16 08:55:56
TM1KS wrote:I've worked on Cognos Planning for a year and recently have started working on TM1.
One major difference I found in TM1 is that it doesn't use a database at all and everything is stored in a folder on a drive.

As opposed to the way that files for Oracle, SQL Server, DB2, MySQL and so forth are stored in folders on a drive?
TM1KS wrote:However, this also brings to my mind that it is very vulnerable, as anybody can edit/see/extract information from those files.

Have you tried reading the numbers out of a binary .cub file, then? Good luck with that. I'm sure it's possible to do if you throw enough hacking time at it (or just load the cubes into a local server), but there's a more fundamental reason why you (as an end user or hacker) shouldn't be able to do that.

And that reason is this; just as with database files you are supposed to secure the folders that contain the TM1 server's data files using the operating system's security so that "anybody" doesn't have access to them. Only the administrators should. There is no need at all for end users to have access to the data files (or even the folders containing them), nor should they.

There is no system on earth, none, that is impervious to hacking if someone can access the source data files and is prepared to spend the time on doing it. TM1 is no different to any other system in that respect, nor is it any different to any other system in that the way to prevent that is to limit / prevent access to those files in the first place.
Posted on 2014-3-16 09:29:13
There are many large corporations that use TM1 for storing data, some of which is considered as sensitive. In partnership with a good IT department, in every case I have seen it fulfils all the audit requirements for security compliance. I think you can take some significant comfort from this that TM1 will meet safety standards.

Given Alan's comments (and caveat that no system is 100% secure) on securing the underlying file structure and a sensibly built application security model, TM1 data can be considered as safe.
Posted on 2014-3-16 09:58:13
Alan Kirk wrote:
TM1KS wrote:I've worked on Cognos Planning for a year and recently have started working on TM1.
One major difference I found in TM1 is that it doesn't use a database at all and everything is stored in a folder on a drive.

As opposed to the way that files for Oracle, SQL Server, DB2, MySQL and so forth are stored in folders on a drive?

Well, it did not come to my mind. Alan, do you mean to say that it is just as vulnerable as the files from Oracle/SQL Server, DB2, MySQL and so forth, had there been this database level?
Posted on 2014-3-16 10:06:18
TM1KS wrote:
Alan Kirk wrote:
TM1KS wrote:I've worked on Cognos Planning for a year and recently have started working on TM1.
One major difference I found in TM1 is that it doesn't use a database at all and everything is stored in a folder on a drive.

As opposed to the way that files for Oracle, SQL Server, DB2, MySQL and so forth are stored in folders on a drive?

Well, it did not come to my mind. Alan, do you mean to say that it is just as vulnerable as the files from Oracle/SQL Server, DB2, MySQL and so forth, had there been this database level?

It's well into the evening here and I've had a long and generally pretty bleeding awful day so it's possible that my powers of comprehension aren't what they should be... but I'm afraid that I don't understand that question.

What I was saying was that all client / server data management systems, whether it be TM1 or any other system, write to files on a disk to do permanent storage of their data. And with all of those systems, the client is never supposed to interact directly with the files. Only the server application is supposed to read from or write to the files. The client software is supposed to send commands to the server software to manipulate the data, never the files. The data files are supposed to be locked away in secured folders where no normal end user can see them, access them or even be aware of their existence. It's the same for pretty much any client / server management system you'd care to name.
Posted on 2014-3-16 10:09:58
Alan .............. I don't disagree with the general point that TM1 is as secure as any other system. However, is it not the case that all users need write access to the TM1 data directory so that their views can be stored? I'm not sure that these are done in the name of the Service Account. On a related topic (and at the risk of thread hi-jacking), our initial reviews of 10.1.1 seem to show that the (otherwise useful) feature of being able to create a new server instance through the Admin Console appears flawed in that it creates the instance under the account of the user rather than a Service Account.

hugh
Posted on 2014-3-16 10:15:10
hbell wrote:However, is it not the case that all users need write access to the TM1 data directory so that their views can be stored?
No, they do not.
hbell wrote:On a related topic (and at the risk of thread hi-jacking), our initial reviews of 10.1.1 seem to show that the (otherwise useful) feature of being able to create a new server instance through the Admin Console appears flawed in that it creates the instance under the account of the user rather than a Service Account.
It just requires a second step where you go into Windows Control Panel and modify the account. Pretty simple.
Posted on 2014-3-16 10:18:53
hbell wrote:However, is it not the case that all users need write access to the TM1 data directory so that their views can be stored? I'm not sure that these are done in the name of the Service Account.
Hi Hugh - No! All the writing to the <user>}vues and <user>}subs directories is done by the service account. Users don't need and should never have access to the data directory.
Posted on 2014-3-16 10:19:08
hbell wrote:Alan .............. I don't disagree with the general point that TM1 is as secure as any other system. However, is it not the case that all users need write access to the TM1 data directory so that their views can be stored? I'm not sure that these are done in the name of the Service Account.

No! Emphatically, absolutely, NO! It is the server application that saves the view definitions, not the individual clients. The individual clients simply tell the server application what the definition of the views that they need to save is, and the server application handles writing those definitions to disk. When the user logs on it is the server application, not the client, which reads the client's view definitions. The view definitions are passed back from the server application to the client via the client software that they are using, be it Client, Architect, Perspectives, Web, EV or some custom thing whipped up with the API.

It is the account that the server application is running under which needs permission to read and write to the data directory, not the accounts of the end users. The server application always stands between the clients and the data directories.

I'm not sure whether it's clear enough on the subject (I don't explicitly cover the issue of data files) but this:
http://www.youtube.com/watch?v=yYHHbk8qITA
tries to explain how client/server applications work. The client does not work with the system data files.
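An added audit check for the point made in this reply and in the }vues/}subs reply above: only the account the TM1 server runs under (plus administrators) should have any rights on the data directory. This is example code written for this page, not code from the thread or from TM1; it parses constructed `icacls`-style output with assumed account names (CORP\svc_tm1, CORP\hbell) and paths without spaces.

```python
import re

# Constructed sample shaped like `icacls <dir>` output (not data from the thread).
SAMPLE_ICACLS = """\
C:\\TM1Data\\planning BUILTIN\\Administrators:(OI)(CI)(F)
                     NT AUTHORITY\\SYSTEM:(OI)(CI)(F)
                     CORP\\svc_tm1:(OI)(CI)(M)
                     BUILTIN\\Users:(OI)(CI)(RX)
                     CORP\\hbell:(OI)(CI)(W)
"""

# Assumed allow-list: the service account the TM1 server runs under, plus
# local administrators and SYSTEM. Adjust to your environment.
ALLOWED = {"CORP\\svc_tm1", "BUILTIN\\Administrators", "NT AUTHORITY\\SYSTEM"}

# One ACE per line; only the first line also carries the path (assumed no spaces).
ACE_RE = re.compile(r"^(?:(?P<path>[A-Za-z]:\\\S*)\s+)?(?P<who>[^:]+?):(?P<rights>(?:\([^)]*\))+)$")
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}
# icacls simple and specific rights that let a principal change or delete files.
WRITE_RIGHTS = {"F", "M", "W", "D", "GA", "GW", "WD", "AD", "WA", "WEA", "DC", "DE", "WDAC", "WO"}


def parse_icacls(text):
    """Return {path: [(principal, set_of_rights), ...]} from icacls-style output."""
    acl, path = {}, None
    for raw in text.splitlines():
        m = ACE_RE.match(raw.strip())
        if not m:
            continue
        if m.group("path"):
            path = m.group("path")
        groups = re.findall(r"\(([^)]*)\)", m.group("rights"))
        rights = {r for g in groups if g not in INHERIT_FLAGS for r in g.split(",")}
        acl.setdefault(path, []).append((m.group("who"), rights))
    return acl


def audit(acl, allowed=ALLOWED):
    """Flag every ACE granted outside the allow-list: 'write' if the principal can
    alter data files, 'read' if it can merely see them (end users need neither)."""
    findings = []
    for path, aces in acl.items():
        for who, rights in aces:
            if who in allowed:
                continue
            level = "write" if rights & WRITE_RIGHTS else "read"
            findings.append({"path": path, "principal": who, "level": level, "rights": sorted(rights)})
    return findings


if __name__ == "__main__":
    for f in audit(parse_icacls(SAMPLE_ICACLS)):
        print(f"{f['level'].upper():5} {f['path']}  {f['principal']}  {','.join(f['rights'])}")
```

On a live server, feed it the output of `icacls <data directory> /t` so inherited entries on the per-user }vues and }subs subdirectories are checked as well.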

Posted on 2014-3-16 11:03:33
Hello Hugh,

With "No!" resounding in your ears, I think it would be churlish of me to do the same, even though we know each other well. If you permit me to be assumptive, we did once tackle a similar issue together where users needed some permission to the underlying files, but it was a TM1WEB folder issue, not data directory.

Regards to you and the team.