Security still not working properly

Support related problems and questions

Moderators: TerryRogers, Max

EFvanGelder
Guru
Posts: 139
Joined: Thu Mar 29, 2012 9:02 am
Been thanked: 24 times

Security still not working properly

Post by EFvanGelder »

I am a bit disappointed to see that security still isn't working properly.
A few releases ago, I already mentioned that one can easely peek into the passwords, by copying the database to another PC with a clean EPIM installed. Furthermore, though modules can be selected to password protect them, one could still access the password protection option, without having to enter a password, and subsequently turn off password protection.
The latter one was, to be honest, pretty stupid, but at least that part has been improved. One cannot change security options without having to enter the correct password.
But it is still very much possible to copy a database where the password module has been password protected, to antother PC with a clean EPIM installed. When the database has been opened there, it won't ask for a password when opening the password module. When looking into the security options (for which one now needs the password), quite surprisingly all options are inactive (unchecked), while on the other PC where the database originally came from, several modules were checked to be password protected.
Disappointing as I said, especially where EPIM is such a briljant application. I hope this will be fixed soon.

Test info:
I created and used my database on PC A, with EPIM PRO PORTABLE r7.2, Database = password protected, Modules 'Trashbin' and 'passwords' are checked to be password protected in extra->options->security. When I open my database on this PC with that particular copy of EPIM, I will be asked to enter my password when I click on the password-module to open it. Then I copied the database to my new laptop, where I installed EPIM PRO r7.2. When I open my copied database in this newly installed EPIM on my new laptop, then click on the password module to open it, no password has to be entered and the module opens directly, showing all passwords stored inside it. When I check te security settings (extra->options>security), all modules are unchecked, therefore not password protected anymore.
With kind regards,
Erik Franciscus van Gelder
TumbleDoor
Guru
Posts: 138
Joined: Tue Jun 21, 2016 7:19 am
Been thanked: 15 times

Re: Security still not working properly

Post by TumbleDoor »

I'm not sure this is really that big of a deal at all...

If someone else moves your database to a computer with a clean EPIM they can't see nothing unless they know your master password to open the database to start with. So that means it would be you who was moving your database to a new computer with a clean copy of EPIM and entering your database. If you are taking the time to copy your database why would you not be taking the time to copy your EPIM.ini where all your other settings are saved, or at the very least taking the time to properly setup a clean copy of EPIM?

If you are moving your database between computers often then you would be much better suited to be using the portable version and not the installed version which also doesn't have this issue as once again you are moving your EPIM.ini with you as you go.

If someone deleted the EPIM.ini file and you somehow didn't notice that could* be a security risk though if you didn't notice when someone deleted your EPIM.ini file the second you logged into your database you probably are not that security minded. XD Though it could be a valid concern if you were allowing others to use your system, however at that point you should take the time to be a good system administrator and properly lock down the EPIM.ini amongst other good security practices as well as very few programs protect their settings files as they expect the system to be secured.
Max
Site Admin
Posts: 21714
Joined: Wed Dec 08, 2004 11:39 pm
Has thanked: 819 times
Been thanked: 364 times
Contact:

Re: Security still not working properly

Post by Max »

I have to concur with TumbleDoor on this. I can not think of any viable user case where current behaviour would be a security threat.
Maxim,
EPIM Team
EFvanGelder
Guru
Posts: 139
Joined: Thu Mar 29, 2012 9:02 am
Been thanked: 24 times

Re: Security still not working properly

Post by EFvanGelder »

As I see it:
There's three possibilities:
A) I am using my EPIM database in either a secure environment (at home, on my own PC, EPIM installed by myself, only 'viable' users here) or an insecure environment (the office, EPIM installed by my employer), but in any case, I have my database closed: In that case, as tumbledoor correctly argued, as one has to open my database with the password first anyway, so password protection on module level has no added value here.
B) I am using my EPIM database in a secure environment (at home, on my own PC, EPIM installed by myself) and I have my database open. In this particular case, I have no need for password protection at all, neither on database or module level, as I can trust my wife to be a 'viable' user. So there's no added value to password protection on module level here too.
C) I am using my EPIM database in an insecure environment (at the office, EPIM installed by my employer), and I have my database open (but on module level, password protection was switched on). This would be THE circumstance, where password protection on module level would be usefull. And particular in this case, password protection is not working.
Conclusion: In no case, password protection on module level is offering added value. In the first two settings, I don't need it, and when I need it, it is not working. This is by far the worst security implementation I have ever seen, and the only solution I see now, is not to use password protection on module level at all, but instead only use password protection on database level (which, hopefully, is implemented better).
I am quite disappointed for that, because overall EPIM is such a great app with so much potential. It won't be a show stopper too, because there is other ways to prevent people from peeking into my data. But apparently, for security, I cannot rely on EPIM.
With kind regards,
Erik Franciscus van Gelder
EFvanGelder
Guru
Posts: 139
Joined: Thu Mar 29, 2012 9:02 am
Been thanked: 24 times

Re: Security still not working properly

Post by EFvanGelder »

As I see it:
There's three possibilities:
A) I am using my EPIM database in either a secure environment (at home, on my own PC, EPIM installed by myself, only 'viable' users here) or an insecure environment (the office, EPIM installed by my employer), but in any case, I have my database closed: In these cases, as tumbledoor correctly argued, one has to open my database with the password first anyway, so password protection on module level has no added value here.
B) I am using my EPIM database in a secure environment (at home, on my own PC, EPIM installed by myself) and I have my database open. In this particular case, I have no need for password protection at all, neither on database or module level, as I can trust my wife to be a 'viable' user. So there's no added value to password protection on module level here too.
C) I am using my EPIM database in a potentially insecure environment (at the office, EPIM installed by my employer), and I have my database open (but on module level, password protection was switched on). This would be THE circumstance, where password protection on module level would be usefull. And particular in this case, password protection is not working.

Basically, when I assign a module to be password protected, I expect it to be password protected in any and all cases, until I deliberetly remove that password protection. In the current implementation, it simply isn't. Therefore, in my opinion, it fails to do what I expect it to do.
With kind regards,
Erik Franciscus van Gelder
TumbleDoor
Guru
Posts: 138
Joined: Tue Jun 21, 2016 7:19 am
Been thanked: 15 times

Re: Security still not working properly

Post by TumbleDoor »

I'm confused as to how C relates to your above issue...
Your complaint on this thread is that in a clean copy of EPIM password module locking becomes undone...
You leaving your database open on an unsecured computer doesn't seem like it has anything to do with that.

Now if you want to rip EPIM module security for being bad security here's how:

The module password protection is only really useful for keeping your family who don't know how EPIM works from snooping it's not an excuse for leaving your database open.

The BIG hole: If you leave your database open you can export any data you want from an encrypted and password protected database regardless of if the module is "protected" or not. EPIM never asks you to confirm your password to export...etc you can just export everything no questions asks.

The other large hole: Passwords are the same as the master password... So if someone has your master password you're boned.

The fixes for these and even your issues as I see them:
#1 Allow a unique password for module locking (Encrypt the data again). [How it fixes your issue by proxy: If the modules are not marked as password protected they would just show up as garbage. So you would HAVE to go into the settings and set them to protected to be prompt for their decryption. Thereby eliminating the risk of your database being opened on a clean system.]

#2 Require the secondary module lock password to export anything from the database. That way even if people have your master password they still do not have access to your protected/hidden module data.

The reason:
The most likely place you are going to truly need module protection is when you're database was carelessly left open or you had to give your master password to someone to do something for you.
- If the database is carelessly left open. (In the office you ran out to get coffee) then someone can just export all your stuff real fast and have everything.
- If you have a family member or a coworker do something for you in an emergency satiation and you HAD to give them your master password. They could then export all your info and access all your protected/hidden data as well... And if they were "savvy" enough to write the password down on a sticky note and loss it in the office... well you can see where this goes.

In the end what you really want the most out of a second layer of protection is to protect against the loss of your master password.


As things stand now it's really just a way to keep your non-techy mother from reading your sex dairy when she snoops on your computer when you accidentally left EPIM open. It really offers no real level of protection, it's just a way to hide things from non-savvy people when you run out of the house real quick.
EFvanGelder
Guru
Posts: 139
Joined: Thu Mar 29, 2012 9:02 am
Been thanked: 24 times

Re: Security still not working properly

Post by EFvanGelder »

Thanks for the reply. And well, I think you just 'made my case', by saying that 'it offers no real level of protection'. That is, in a few words, my complaint exactly.

The whole matter rephrased in a decent use case.
As the password protection on module level only works if the database is left open, I think this is pretty much the only use case where this selective password protection could be useful.

Use Case:
As A User:
- I want my colleagues to be able to look into my calendar and notes, but
- I do not want them to be able to look into my contacts and mail, so that
- I can share a selected part of my information, while protecting another selected part of my information.

Solution:
Apply selective password protection on module level. Therefore:
- I password protect the database
- I left the modules 'calendar' and 'notes' unchecked in the security options,
so that they won't be password protected, and will be accessible by my colleagues if I leave my database open and
- I checked modules 'Contacts' and 'Passwords' in the security options,
so that they will be password protected, and therefore only be accessible by me.

Expectation:
My expectation in this, is that a module, that has been checked to be password protected in the security options, actually is password protected and stays that way at any time, in any circumstance, on any (other) machine, until this setting has been deliberately changed back to unchecked for password protection, by me.

Actual result:
- At home, where I prepared my database, everything works as expected. That is, when I leave my database open:
- Unchecked modules are accessible by anyone, while
- Checked modules are password protected, that is, only accessible after entering the password.
- In password options, the modules 'Contacts' and 'Mail' remain checked (to be password protected)
- At the office however, when I leave my database opened,
- all modules are open to anyone, without any form of protection on module level
- In security options, all modules appear to be unchecked, though I did not change anythng to the Original settings.
- There is no warning whatsoever, that security settings have been changed to the database, although apparently,
some modules that were set to be password protected, on this particulat machine, with this copy of EPIM, are not password protected.

Remark:
- At the office, we are allowed to use our data (EPIM database), but we are NOT allowed to execute our own applications,
whether it be installed or portable versions. Therefore, using EPIM portable is not an option. We have to use the locally
installed version of EPIM at the office.

It is pretty clear to me, that security settings of EPIM are not suitable for offering any reliable setting, especially with regards to selective security settings on module level. At the same time, security is (obviously) not the 'core business' of EPIM. Managing Personal Information is, and EPIM is doing that brilliantly for me. Fortunately, there are other ways to share and protect data.
As the security settings on mudule level have been implemented now, in my opinion, it should better be removed completely, preventing users from having a false feeling of security. At least, until somethin better has been developed.
The password protection on database level is, hopefully, somewhat better.
With kind regards,
Erik Franciscus van Gelder
Rose Ford
Guru
Posts: 187
Joined: Sun May 08, 2016 8:39 am
Has thanked: 1 time
Been thanked: 30 times

Re: Security still not working properly

Post by Rose Ford »

EFvanGelder wrote:As the security settings on mudule level have been implemented now, in my opinion, it should better be removed completely, preventing users from having a false feeling of security. At least, until somethin better has been developed.
The password protection on database level is, hopefully, somewhat better.
If you ask me this is where things get really edgy between EPIM and EPIM business.

As a personal dairy and information system it's a perfectly fine system, as TumbleDoor said it's just a way to hide things from causal outside users. It's like writing in invisible ink in your diary. Useless against people who have any idea of what they are doing, but good enough for a dairy.

As a office business tool it is extremely lacking, anyone who would dare try and use it in a office business setting should hire a security consultant immediately. As mentioned again by TumbleDoor there needs to be secondary passwords involved. His version would be a great start. However it's only great for the Pro edition. For the actual business edition where you are working on a network you need more granule control you need the ability to make custom status groups and assign unique passwords to them. That way each group of employees can have their own passwords to access sensitive content which the admin could change at anytime when they deem necessary. Along with the ability to password protect their own private content with their own unique password allowing them to store info the admin can not access. As of right now there is no true privacy in the business edition, and a huge gaping whole of a security risk. Anyone with the SYSDBA account details and the master password can see all users private data on the entire database.
EFvanGelder
Guru
Posts: 139
Joined: Thu Mar 29, 2012 9:02 am
Been thanked: 24 times

Re: Security still not working properly

Post by EFvanGelder »

Agreed. The security part is low quality, that much is clear. I do understand that security is not the core business of EPIM (which is made pretty clear by this implementation) but organizing personal information is. And at that, EPIM is still top notch. So this won't be a show stopper for me (not by a long shot), however, I would not advise anyone to use this security setting ever.It is just, that the quality of the rest of the application was outstanding upbtill now. At some points, EPIM is way better tban outlook, hence my choice to use EPIM in stead of the market leading product. This security option is, let's say, in contrast with the rest.
With kind regards,
Erik Franciscus van Gelder
Max
Site Admin
Posts: 21714
Joined: Wed Dec 08, 2004 11:39 pm
Has thanked: 819 times
Been thanked: 364 times
Contact:

Re: Security still not working properly

Post by Max »

Let's separate the things:
  1. EPIM database protection (the main password for the database)
  2. module protection
  3. Business version
1. There have been no any issues with EPIM database protection- that has never caused any misconceptions
2. Module protection is an additional method to protect modules and yes, indeed, there might be some edge cases where this particular type of security may not correspond to expectations as to the strength of protection of individual modules. Especially when user is moving database around while using it with non-portable EPIM version
3. Business version uses strong encryption to protect private items, which any user can make. Those items are accessible only for the creator and admin. Admin having access to all items is a business requirement. It will be difficult to find an actual business software with no possibility to recover data for disgruntled employee. Administrator has always permissions to do ai and this is not a security breach in any way- rather, a must-have feature.
Maxim,
EPIM Team
EFvanGelder
Guru
Posts: 139
Joined: Thu Mar 29, 2012 9:02 am
Been thanked: 24 times

Re: Security still not working properly

Post by EFvanGelder »

Again, agreed.
The complaint reflects the use of the professional edition only. NOT the business edition.
The password protection on database level is good. It does protect access to the database in any case, or circumstance.
It is exclusively the password protection on module level in the professional edition, that, in my opinion, is flawed.
I do agree that there is a business edition of which the security measurements are stronger, but, in my humble opinion, that does not mean that the security measurements in any level should be allowed to be flawed or as week as this one is, in, let's not forget, still a 'Professional' edition.
From a 'home' edition or a 'free' edition, it would probably otherwise, but using the label 'Professional' does bring certain expectations with it.

As I said, the quality EPIM is providing for it's 'core business', which is managing personal information, is still outstanding.
Security is not the main functionality of EPIM. And there are many alternative ways to secure data.
With kind regards,
Erik Franciscus van Gelder
Rose Ford
Guru
Posts: 187
Joined: Sun May 08, 2016 8:39 am
Has thanked: 1 time
Been thanked: 30 times

Re: Security still not working properly

Post by Rose Ford »

I had never used the password protection for the modules until after reading this thread and really I have to agree as it stands it's a feature suited for free/home use program I think TumbleDoor really summed up how to make it a real pro feature easy. Just make it so that modules that are locked are encrypted again with a different password.

As for the Business version I can say that as a business owner having backdoors that the admin or myself can't seal shut is not a feature it's a risk. Having the option for admin to be able to read users private data is 100% required for some industries however not having the option to disable it is 100% flawed for many others. There are circumstances out there where you actually do trust your employees and you need to trust them with higher security that only they can access as their work is to sensitive. There are also circumstanced where the admin DO NOT HAVE THE LEGAL RIGHTS to look at the other peoples documents. Big companies are getting in trouble for that all the time, as admin keep backdoors open so they can snoop when they do not have the legal right to do so. Which is why more and more companies are turning to locked down solutions where admin can not access users data to protect themselves.

By having an un-closable back door all you are doing is costing yourself sales not gaining any as by having an option only admin could use to seal the door you would be making your product open to both camps, however by forcing the door wide open you are ensuring a loss of a userbase especially as it's becoming a bigger problem by the year in the world, so you are closing yourself off from an emerging userbase.

I use EPIM for home/personal use as is and it suits me well, however I have mulled over the idea of using it in my business a couple of times. This has effectively killed my interest in doing so. I am not willing to take on the legal responsibility of not being able to properly protect my employees. In my industry they would be legally responsible for any documents that got leaked from their private items.
Max
Site Admin
Posts: 21714
Joined: Wed Dec 08, 2004 11:39 pm
Has thanked: 819 times
Been thanked: 364 times
Contact:

Re: Security still not working properly

Post by Max »

Rose Ford, thank you for your comments. Can you give examples of enterprise networked applications that store data and administrator does not have access to all the data?
Maxim,
EPIM Team
Rose Ford
Guru
Posts: 187
Joined: Sun May 08, 2016 8:39 am
Has thanked: 1 time
Been thanked: 30 times

Re: Security still not working properly

Post by Rose Ford »

I can't think of names off the top of my head, at my company we use a rather feature minimal in-home solution which is why I had been thinking about EPIM. Though having not looked into it in-depth I had assumed that users private data would be encrypted using their personal passwords. However that seems to be far from the case which is a shame.

That said you should be able to find many by searching and knowing your security standards.
As in order for something to be high level FIPS compliant a system most have protection against rogue administrators accessing sensitive data and prevent them from being able to impersonate any given user. At the moment I am not dealing with a case were we need to be FIPS compliant, however my employees need their data security to be well ensured nonetheless.

Here's a quick result off the top of google for you:
https://safenet.gemalto.com/data-encryp ... -software/

As I said you should be able to find countless examples of software made for government, hospitals, law offices...etc that are built to have blind admin encryption as it is an important step into protecting themselves legally.
Max
Site Admin
Posts: 21714
Joined: Wed Dec 08, 2004 11:39 pm
Has thanked: 819 times
Been thanked: 364 times
Contact:

Re: Security still not working properly

Post by Max »

The Safenet by Gemalto that you mentioned uses centralized key management- that means administrators have access to employees accounts in case of need. As mentioned above, it would be rather difficult to find networked enterprise software that stores information and does not allow organization administrator to see all the data in employees accounts. I do not think it makes sense to argue about that unless some particular examples are introduced.
Maxim,
EPIM Team
Post Reply