Security breach issue

#1

In the network environment, when a terminal starts up while the server is down, an error message dialogue box pops up. It also contains the connection string with instance name, user name and password. I consider this a security breach as anyone will then be able to access the db with the information list in that box.

Is there a way to stop this connection string to show up?

#2

Secure your network and nothing to worry about. They can’t do anything if they have no network access. I doubt anyone would want to hack for just names and phone numbers. I mean what info on there is valuable? Nothing

#3

An angry malicious worker can change db data without being noticed. Did not check whether the user pins and pwds are encrypted, if not, I think it is an very insecure implementation.

#4

It’s not about security. The security part is up to you. You can secure it if your worried. Honestly if you have employees that would go to the extreme to manipulate database data I would fire them now.

There are steps you can do to secure it.

#5

This is actually a serious issue. There is no need for db logins to be shown at that screen.

You would not even know if changes are made in your db. You also would not know who made the changes.

4 Likes
#6

I agree it seems silly to show the info like that… but serious issue I would disagree. Employees just are not interested in corrupting a database from a POS system. If they are then you have bigger problems.

Right now that screen serves as a method to recover from a bad connection string aside from manually editing the file.

#7

Hey delale.
I agree with your statement. However. The risk is greatly reduced because once you receive this error, and you were able to fix the connection issue and reestablish a connection; simply change the SQL password in both SQL Server side and inside SambaPOS. I love that this info is shown because this allows me to immediately see if the issue is credentials related or connection string. And yeah. Your staff would really need to be tech savvy to open the correct management tools to sabotage your system once you secure your network.

1 Like
#8

I don’t think the msg is the heart of the issue, the real issue is there is no reason to spell out the user name and the password attempted is not going through. An error msg without the two serves just as good, because the person who have the authority to touch the db should also be the one who remembers the credential. Similarly an auto login(with saved password) with Google account or Yahoo Account or Microsoft Account will NEVER spell out what password it attempted. They only tell you that the saved password is no good, you can retry to reset it. Imagine when your browser spelling out ALL passwords it saved for auto login simply because the router is offline. The connection string to a db deserve similar security to just an online app. IMO, passwords should NEVER be shown. For another example, if you log in SQL Express itself using any Microsoft utilities such as the SSMC, it will only says the user name and password combination is no good and will NEVER spell out the password you saved. To me, it is a kind of proper IT culture to hide all passwords as much as possible.

In the environment of the live system where I deployed, most temp workers knows SQL to some extent because most of them are college IT and engineering students.

#9

The thing about that prompt is it lets you fix a mistake right inside that dialog. Generally you wouldnt turn the server off. If you do you would ensure its always started first. What you may not realize is you can also use windows authentication and have no password there. Perhaps there could be a better way to handle it but its really not a security breach. There are ways to secure it even if the person sees the login and password.

1 Like
#10

Yes, I would try using Windows authentication works.