The online community for software testing & quality assurance professionals
 
 
Calendar   Today's Topics
Sponsors:




Lost Password?

Home
BetaSoft
Blogs
Jobs
Training
News
Links
Downloads



Software Testing >> Security Testing

Pages: 1
SimonFromLeeds
Member


Reged: 08/12/04
Posts: 139
Loc: Leeds
God level pass
      #705802 - 05/03/12 01:08 AM

Hi,

I've been working on a desktop product, that's shipped and installed to customer sites. It's a CRM/Case Management system. The system has a 'God Level Password', that has full access rights to the system. I'm used to systems that have this being disabled as soon as and other user is created on the system (I think that's reasonable).

I don't think the current situation is reasonable, if there were some form of data protection issue at a customer site, any of my team (dev and test) could be suspects. There's also ex-staff members who'll know the password. The password regularly gets used by support and training for some activities.

So, I want the product management team to define the requirements for non-client access to the system, so the 'God Level Password' can be removed. I'd like to trigger that by logging a defect about how the system access is not correctly protected. Anybody got key risks/legality issues they'd include in the defect?

Thanks!


Post Extras: Print Post   Remind Me!   Notify Moderator  
Pages: 1



Extra information
0 registered and 4 anonymous users are browsing this forum.

Moderator:  icruiser, AJ, Walen 

Print Topic

Forum Permissions
      You cannot start new topics
      You cannot reply to topics
      HTML is disabled
      UBBCode is enabled

Rating:
Topic views: 1653

Rate this topic

Jump to

Contact Us | Privacy statement SQAForums

Powered by UBB.threads™ 6.5.5