server app requires user session opened


  • server app requires user session opened

    Hi,

    I have a client-server application that must have an open session on the server, by requirement of the supplier (I found that out after implementation).

    I found that they keep the session open with their account, which is a member of the Local Admin group.

    After some pressure, they found a way to make it work under a standard domain user account. I had no choice but to accept that and create Auto Logon for this account on the server, because after updates and restarts the session should be open to make this app work.

    Sure, I didn't like that...

    Today, because the app has intermittent issues, the guys are asking to keep the session open under the Admin account again.

    I have no words...

    Could somebody tell me if I am right...

    I guess there is a System account for running services or apps in the background.

    Sure, it is not a standard app; it includes SQL and a couple of other servers, one for each service... Based on the above, can I conclude that the app described is the result of bad programming?

    A brief explanation will be appreciated.
    For now I can base my thinking on some properly installed and configured Microsoft solutions that I deployed - APPV for example, which includes 3 servers with SQL.

    Thanks.
    Last edited by mla; 17th January 2017, 19:53.
    "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis

  • #2
    Personally, I agree with this being '...bad programming...' (the politest way to say it, more like 'reprehensible'). The security leak due to an app on a server forcing you to have an open interactive login running just to operate means that the app can do anything on the server its programmers set it to do, and there's nothing you can do to stop it, without killing the app. That risk just isn't worth it.

    What is this app? I'm almost certainly not the only one interested, if only to be sure and avoid it (like The Plague!)
    *RicklesP*
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **



    • #3
      It is a Dictation system solution (with Voice Recognition). It is a third-party company that implemented it from the original builder. I don't want to distribute more details.
      Thanks for confirmation of obvious "Big bull.." thing...
      "When you hit a wrong note it's the next note that makes it good or bad". Miles Davis
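
An added example, not part of the thread or of the vendor's product: a read-only PowerShell check an administrator could run on a server like the one discussed above to see whether Auto Logon is enabled, whether its password sits in cleartext in the registry, and whether the auto-logon account is a direct member of the local Administrators group. It assumes Windows PowerShell 5.1 or later (for `Get-LocalGroupMember`); the output property names are chosen here for illustration.

```powershell
# Added example: audit the Auto Logon configuration of this server (read-only).
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$props    = Get-ItemProperty -Path $winlogon

# AutoAdminLogon = "1" makes Windows sign in DefaultUserName at every boot.
$enabled = $props.AutoAdminLogon -eq '1'
$user    = $props.DefaultUserName
$domain  = $props.DefaultDomainName

# A non-empty DefaultPassword value is the account password in cleartext.
# Only its presence is reported here; the value itself is never printed.
# Its absence does not prove no password is stored: tools such as
# Sysinternals Autologon keep it as an LSA secret instead.
$clearTextPw = -not [string]::IsNullOrEmpty($props.DefaultPassword)

# Check direct membership of BUILTIN\Administrators (well-known SID S-1-5-32-544).
# Membership through nested domain groups is not expanded by this check.
$isLocalAdmin = $false
if ($user) {
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
    $isLocalAdmin = [bool]($members | Where-Object {
        # Member names look like DOMAIN\user; compare the part after the backslash.
        ($_.Name -split '\\')[-1] -eq $user
    })
}

# Summarise the findings; property names are illustrative.
[pscustomobject]@{
    AutoLogonEnabled      = $enabled
    AutoLogonAccount      = if ($user) { "$domain\$user" } else { $null }
    CleartextPasswordInRegistry = $clearTextPw
    AccountIsLocalAdmin   = $isLocalAdmin
    # Worst case from the thread: auto-logon with an administrative account.
    HighRisk              = ($enabled -and $isLocalAdmin)
}
```

`HighRisk` being true corresponds to the configuration the supplier is asking to return to: an administrative interactive session opened automatically after every restart.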
