This is a problem...
Using BESR Retrieve (the web interface) that requires a user to login and gives access to files they have permissions for... OK
Mounting the v2i file as a drive and browsing to it, only being able to access what your login allows access to... OK
Opening a v2i image in the Symantec Recovery Point Browser SECUITY RISK.
The recovery point browser I understand is a different animal. I know the sys admin should be able to restore ANY file to the original network location, and I could even argue it's OK to restore them to any location. But then to have access to do anything with the files because the permissions have been removed is a serious problem.
As an example, our CEO has a private folder on our company drive. This folder belongs to him and his secretary and contains files that, while not mission critical, should not be available to anyone but them. Think drafting company memos or preparing pay tables etc... Encrypting and adding file by file passwords is not a practical solution, restricting ownership of the file is.
I don't believe this is a Microsoft problem. The recovery point browser should respect the acl permissions while understanding it is OK to "Recover" the files but make sure the end product reflects the full acl permissions as they appear in the original.
Simply password protecting the image file does not resolve the issue either. Sys Admins would still have the image password and thus full access to all files.
Does no one else see this as a problem? How are you coping with it?
/RB
Message Edited by RBall on
03-20-2008 08:27 AM