Seems to me you are trying to address the symptoms and not the source of the problem. If this is really an issue, fix your apps within Remedy. Form, row, and field level access give you all you need to address any data leakage.
Even if you somehow bandaid the mid-tier, anyone can use the api, a macro in the user tool, and probably a number of other methods to get at the data (all exposed via the api). If the only attack vector you are trying to address is the web, then I guess this approach would actually solve something, but how reliable and secure will it be in the end? How much time do you want to spend maintaining it? Axton Grams On 11/28/07, Mahan, Janet L [EQ] <[EMAIL PROTECTED]> wrote: > ** > > I can't crack my customer's across the knuckles! > > Seriously, does no one else think that is a security issue for any user to > be able to overwrite the url and get to hidden forms? > > > Janet Mahan > Network Systems Administrator II > EMBARQ > > Voice: 941-766-6199 | Wireless: 321-356-0128 | Fax: 941-766-6199 > Email: [EMAIL PROTECTED] > > Voice | Data | Internet | Wireless | Entertainment > > This e-mail is the property of EMBARQ and may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. If > you are not the intended recipient (or authorized to receive for the > recipient), please contact the sender and delete all copies of the message. > > > ________________________________ > From: Action Request System discussion list(ARSList) > [mailto:[EMAIL PROTECTED] On Behalf Of Rick Cook > Sent: Wednesday, November 28, 2007 5:45 PM > To: [email protected] > Subject: Re: mid tier lock down URL > > > ** > Why, what could be simpler than a ruler across the knuckles, administered as > necessary? ;-) Seriously, my preference would be to simply report this > person for violation of whatever IT policy prohibits such actions. That's > assuming that (s)he is causing some problem by doing so. > > Rick > > On 11/28/07, Mahan, Janet L [EQ] <[EMAIL PROTECTED]> wrote: > > ** > > > > > > Is there a simple way for someone that doesn't know a lot about > creating/modifying web pages to keep users from changing the URL in the > mid-tier and going directly to a form that they have hidden access to?????? > > > > Janet Mahan > > Network Systems Administrator II > > EMBARQ > > > > Voice: 941-766-6199 | Wireless: 321-356-0128 | Fax: 941-766-6199 > > Email: [EMAIL PROTECTED] > > > > Voice | Data | Internet | Wireless | Entertainment > > > > This e-mail is the property of EMBARQ and may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. If > you are not the intended recipient (or authorized to receive for the > recipient), please contact the sender and delete all copies of the message. > > __20060125_______________________This posting was > submitted with HTML in it___ > > __20060125_______________________This posting was submitted > with HTML in it___ > __20060125_______________________This posting was > submitted with HTML in it___ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Platinum Sponsor: www.rmsportal.com ARSlist: "Where the Answers Are"
