Application security query!!
From: Madhu Gopinathan (madhugops_at_rediffmail.com)
Date: 02/26/04
Date: Thu, 26 Feb 2004 16:49:14 +0530
Hi,
Consider an application, say App1, running on machine M1 under the context of a user U1. Now App1 needs to access a certain secured resource on machine M2 and the user U1 does not have rights to access it. So, App1 fails with "Access Denied". Now, without terminating this failed instance of App1, if I assign the required permissions on the resource on M2 for the user U1, and re-try the operation on App1 using the same previously unterminated instance, the application still fails with "Access denied". This happens till I terminate and relaunch App1, upon which it starts succeeding.
The same happens vice versa, i.e., App1 succeeds even after I remove the required rights from the resource on M2, till I terminate the application and re-launch it.
My queries are:
Is there a user token generated somewhere?
If so, where is it created and stored?
If it is created on M1 under the process identified by App1, does not that mean that the token would have local group membership information of M2? And how are the local group SIDs of well-known groups, like Administrators, created in that case?
Is there any way to ensure the consistent and expected behaviour, i.e. refreshing group memberships without relying on cached information or tokens?
I hope I have been clear enough.
Thanks,
Madhu