I've been having issues with a pontental security hole
with GO community 2.13. This installaiton is running on
a Dell PowerEdge with SUSE Linux Enterprise Server 9 on
I've created a "Global Address Book" (GAB) as admin.
This group is read to everyone, write only to the admin
user and admin group. If I login as a regular joe user,
and subscribe to this addressbook, I can modify it in
the following ways even though I do not (as far as I
can tell) have write permission to the book.
Move a contact from the GAB to a private addressbook Move a company from the GAB to a private addressbook Create a contact from a member into the GAB
I believe this to be a security bug.
Thain Eischeid Thain.Eischeid@mosaicinfo.org