Hello,
I don't know if this issue has been reported yet, because the forum search isn't working. If I type something into the seach bar and click on the search button, after a while only a blank page is being shown.
I have a change request for Cobian Reflector (using the current version 2.4.00) because when running in service mode it introduces a serious security issue. My request is that only administrators can use the GUI. Currently, everybody can use the GUI. But the GUI runs with the permissions of the service and if you install the service with admin rights, which is necessary if you want to use VSS, then every user can grant him-/herself access to all the files on the system. I tried it out myself: As a non-Admin create a task that backs up the content of the userprofile of the system's admin, a folder you usually don't have access to. Run the task and there you go: All read-protected files ready to read!
The option to protect the GUI with a password is useless, because C:\Program Files\Cobian Reflector\Settings\Cobian Reflector.ini is writeable for everyone. Just set Protect the user interface=False, wait for the CobianReflectorService to restart and the password protection is gone.
Thanks,
SH
I don't know if this issue has been reported yet, because the forum search isn't working. If I type something into the seach bar and click on the search button, after a while only a blank page is being shown.
I have a change request for Cobian Reflector (using the current version 2.4.00) because when running in service mode it introduces a serious security issue. My request is that only administrators can use the GUI. Currently, everybody can use the GUI. But the GUI runs with the permissions of the service and if you install the service with admin rights, which is necessary if you want to use VSS, then every user can grant him-/herself access to all the files on the system. I tried it out myself: As a non-Admin create a task that backs up the content of the userprofile of the system's admin, a folder you usually don't have access to. Run the task and there you go: All read-protected files ready to read!
The option to protect the GUI with a password is useless, because C:\Program Files\Cobian Reflector\Settings\Cobian Reflector.ini is writeable for everyone. Just set Protect the user interface=False, wait for the CobianReflectorService to restart and the password protection is gone.
Thanks,
SH
Statistics: Posted by SheriffHobbes — 24 Sep 2023, 14:07