Isn't TM1 Vulnerable due to file structure?

林玫玫

Hi Everyone,

I've worked on Cognos Planning for a year and recently have started working on TM1.
One major difference I found in TM1 is that it doesn't use a database at all and everything stored in a folder on drive.
However, this also brings to my mind that it is very vulnerable as anybody can edit/see/ extract information from those files.
I tried searching a thread on this topic using keywords, however could not find one.
Please direct me to one in case there's one.

玩美123

TM1KS wrote:I've worked on Cognos Planning for a year and recently have started working on TM1.
One major difference I found in TM1 is that it doesn't use a database at all and everything stored in a folder on drive.

As opposed to the way that files for Oracle, SQL Server, DB2, MySQL and so forth are stored in folders on a drive?

TM1KS wrote:However, this also brings to my mind that it is very vulnerable as anybody can edit/see/ extract information from those files.

Have you tried reading the numbers out of a binary .cub file, then? Good luck with that. I'm sure it's possible to do if you throw enough hacking time at it (or just load the cubes into a local server), but there's a more fundamental reason why you (as an end user or hacker) shouldn't be able to do that.

And that reason is this; just as with database files you are supposed to secure the folders that contain the TM1 server's data files using the operating system's security so that "anybody" doesn't have access to them. Only the administrators should. There is no need at all for end users to have access to the data files (or even the folders containing them), nor should they.

There is no system on earth, none, that is impervious to hacking if someone can access the source data files and is prepared to spend the time on doing it. TM1 is no different to any other system in that respect, nor is it any different to any other system in that the way to prevent that is to limit / prevent access to those files in the first place.

黄华民

There are many large corporations that use TM1 for storing data, some of which is considered as sensitive. In partnership with a good IT department, in every case I have seen it fulfils all the audit requirements for security compliance. I think you can take some significant comfort from this that TM1 will meet safety standards.

Given Alan's comments (and caveat that no system is 100% secure) on securing the underlying file structure and a sensibly built application security model, TM1 data can be considered as safe.

jhh6yf

[quote]Alan Kirk wrote:[quote]TM1KS wrote:I've worked on Cognos Planning for a year and recently have started working on TM1.
One major difference I found in TM1 is that it doesn't use a database at all and everything stored in a folder on drive.

As opposed to the way that files for Oracle, SQL Server, DB2, MySQL and so forth are stored in folders on a drive?
[/quote]

Well, did not come to my mind.  Alan,  do you mean to say that it is just as vulnerable as the files from Oracle/ SQL Server, DB2, MySQL and so forth had there been this database level ?

[/quote]

sf656

TM1KS wrote:[quote]Alan Kirk wrote:[quote]TM1KS wrote:I've worked on Cognos Planning for a year and recently have started working on TM1.
One major difference I found in TM1 is that it doesn't use a database at all and everything stored in a folder on drive.

As opposed to the way that files for Oracle, SQL Server, DB2, MySQL and so forth are stored in folders on a drive?
[/quote]

Well, did not come to my mind.  Alan,  do you mean to say that it is just as vulnerable as the files from Oracle/ SQL Server, DB2, MySQL and so forth had there been this database level ?

[/quote]

It's well into the evening here and I've had a long and generally pretty bleeding awful day so it's possible that my powers of comprehension aren't what they should be... but I'm afraid that I don't understand that question.

What I was saying was that all client / server data management systems, whether it be TM1 or any other system, write to files on a disk to do permanent storage of their data. And with all of those systems, the client is never supposed to interact directly with the files. Only the server application is supposed to read from or write to the files. The client software is supposed to send commands to the server software to manipulate the data, never the files. The data files are supposed to be locked away in secured folders where no normal end user can see them, access them or even be aware of their existence. It's the same for pretty much any client / server management system you'd care to name.

0o小坏o0

Alan .............. I don't disagree with the general point that TM1 is as secure as any other system.  However, is it not the case that all users need write access to the TM1 data directory so that their views can be stored?  I'm not sure that these are done in the name of the Service Account.  On a related topic (and at the risk of thread hi-jacking), our initial reviews of 10.1.1 seem to show that the (otherwise useful) feature of being able to create new server instance through the Admin Console, appears flawed in that it creates the instance under the account of the user rather than a Service Account.

hugh

fuanxx

hbell wrote:However, is it not the case that all users need write access to the TM1 data directory so that their views can be stored?

No, they do not.

hbell wrote:On a related topic (and at the risk of thread hi-jacking), our initial reviews of 10.1.1 seem to show that the (otherwise useful) feature of being able to create new server instance through the Admin Console, appears flawed in that it creates the instance under the account of the user rather than a Service Account.

It just requires a second step where you go into  Windows Control Panel and modify the account. Pretty simple.

赏狗网

hbell wrote:However, is it not the case that all users need write access to the TM1 data directory so that their views can be stored?  I'm not sure that these are done in the name of the Service Account.

Hi Hugh - No! All the writing to <user>}vues and <user>}subs directories are done by the service account.  Users don't need and should never have access to the data directory.

jsyyrs

hbell wrote:Alan .............. I don't disagree with the general point that TM1 is as secure as any other system.  However, is it not the case that all users need write access to the TM1 data directory so that their views can be stored?  I'm not sure that these are done in the name of the Service Account.  

No! Emphatically, absolutely, NO! It is the server application that saves the view definitions, not the individual clients. The individual clients simply tell the server application what the definition of the views that they need to save is, and the server application handles writing those definitions to disk. When the user logs on it is the server application, not the client, which reads the client's view definitions. The view definitions are passed back from the server application to the client via the client software that they are using, be it Client, Architect, Perspectives, Web, EV or some custom thing whipped up with the API.

It is the account that the server application is running under which needs permission to read and write to the data directory, not the accounts of the end users. The server application always stands between the clients and the data directories.

I'm not sure whether it's clear enough on the subject (I don't explicitly cover the issue of data files) but this:
http://www.youtube.com/watch?v=yYHHbk8qITA
tries to explain how client/server applications work. The client does not work with the system data files.

公孑

Hello Hugh,

With "No!" resounding in your ears, I think it would be churlish of me to do the same, even though we know each other well. If you permit me to be assumptive, we did once tackle a similar issue together where users needed some permission to the underlying files, but it was a TM1WEB folder issue, not data directory.

Regards to you and the team.