Warning - security risk.


    I have reported this to CommitCRM Support, they are not willing to fix it.

    If you make changes to an account or ticket (or any other part of commit) that requires you to click the save button, be careful you do not lock your session. Unless you are around with your password, NO ONE ELSE can login to CommitCRM on this station to save the unsaved data.

    We lost multiple crucial changes due to this that are unrecoverable.

    Also, if you click Log on as different user, the session is NOT logged off until another user is logged in. So if you want to logout and leave the session for a different engineer to use, all that engineer has to do is Cancel the operation and they go back to the previous session.

    I have requested an update to do the following:

    1 - Prompt to save changes BEFORE the session will lock
    2 - Add the ability to LOG OFF
    3 - Make login as different user logout the current session as soon as it is selected.

    While it may not affect you, it is a security risk as well as a potential to lose data.

    Not sure why support refuse to address this, they confirmed the logic and potential risk.

    Re: Warning - Data loss risk + security risk.

    danoli - there's no magic bullet here and as we discussed with you by email here's what we think of this:

    This does not work much differently than Windows -

    Have unsaved updates in other Windows applications (nothing to do with RangerMSP), lock Windows and if the technician goes home you will need to know their password, if you shut the PC down - unsaved updates in any application are lost. etc.

    As with Windows what you may do is:

    Ask technicians to save before they lock the RangerMSP session.

    Ask them not to use the lock feature if they might go home.

    Ask them for their password so you can unlock into their locked session.


    We have already logged your feedback here, however and as mentioned in our emails to you, this request is not popular and thus we will be working on other things as we think that RangerMSP does differ much in this area than other products and thus we will probably spend our time and resources on other, most popular, feature requests.

    Should this become popular and something that many of our users want us to work on I can assure you that this is exactly what we will be working on.

    Thanks.

      Re: Warning - Data loss risk + security risk.

      A minor code change (I would guess) to ensure a known issue that WILL lose data is resolved, is not too much to ask.

      As I explained to you, we lost significant data due to this and it worries me that this could happen again.

      While you are comparing to Windows, I agree, the lock computer feature is similar, but Windows does have the log out option which does prompt to save data. Windows is also the operating system, not the application, which makes it a little different.

      You say the request is not popular, I agree, it may not have happened to many, but I guarantee that if it happens to you (or anyone else reading this) you will wish the problem was resolved.

      Is it really that difficult to fix?

        Re: Warning - Data loss risk + security risk.

        Personally I don't know what it takes to implement such a feature improvement.

        If it'll become a popular request it'll be implemented before other feature requests.

        If it won't I guess that other feature requests will be handled first.

        I hope this all makes sense and it doesn't mean that we don't understand what you're saying. We actually do understand and really appreciate your feedback here.

          Re: Warning - Data loss risk + security risk.

          I posted this publicly to hopefully make others aware of a glitch that has caused me a loss...

          We lost the contact number of a new business, a business that is expecting our call and I have no way of contacting them.
          A silly mistake, yes, avoidable, YES?

          Is this a feature request? I would say more a security risk.

            Re: Warning - Data loss risk + security risk.

            So hitting logout doesn't log you out? You have to actually log in as someone else in order to log the first person out totally?

              Re: Warning - Data loss risk + security risk.

              Yes, it is NOT possible to just logout.
              If you click login as different user, it may look like you are logged out, just click ESC and you are back in as the last engineer...

              I cannot understand why a security risk has to be 'popular' before they will fix it?

                Re: Warning - Data loss risk + security risk.

                I agree, you would think that log out would mean you are actually logged off.

                  Re: Warning - Data loss risk + security risk.

                  Hi Team,

                  If I am called away from my computer by a client and it is in a potentially publicly accessible location, I'll hit WINKEY+L. If someone else jumps on it and forces my session to log off for any reason, the data loss is due to human error, not the software I am using.

                  Would I want every application (or even one application) to force me to answer a question about saving data when I am trying to walk away in a hurry? No, as this defeats the purpose.

                  Would it be great if my software helped me prevent data loss through human error? ABSOLUTELY YES.

                  I think Microsoft Word 2010 allows you to recover (for a short time) a document you closed and accidentally clicked NO to saving changes. Word has been around for 25 years and this feature is new. Hopefully CommitCRM can save us from our silly mistakes before they reach 25 years old :)

                  Danoli I feel your pain, as does everyone who loses for example some important information when Word crashes. You are reminded about the importance of hitting the SAVE button regularly, and get on with life after a little grumbling.

                  As best I can see, the Lock Session and Log On As Different User menu items do exactly as they say they do. There is no Log Off (on my CommitCRM 5.7). Personally, I've never used either and never seen my team use them.

                    Re: Warning - Data loss risk + security risk.

                    Having to log in as someone else to log off the last user is a little odd, though I have seen it with other software too (cannot remember any names).

                    CommitCRM - Change Request - Change the "Log On as Different User" option to "Log Off (Change User)" or similar and have the application log off the existing user (prompting for saves) before presenting the login box for the new user. This is more intuitive.

                    Cheers,
                    Mike
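
A sketch of the difference between the behaviour reported in this thread and the change request above, added here as an illustration; it is not CommitCRM code, and the names `Session`, `ReportedFlow`, `LogOffFirstFlow` and `switch_user` are hypothetical. Passing `None` as `new_login` stands for cancelling the login box with ESC.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class Session:
    user: str
    is_admin: bool = False
    unsaved: List[str] = field(default_factory=list)  # pending edits


class ReportedFlow:
    """Models the behaviour posters describe: the old session survives
    behind the login box until a new login succeeds."""

    def __init__(self, session: Session):
        self.session: Optional[Session] = session

    def switch_user(self, new_login: Optional[Session]) -> Optional[Session]:
        if new_login is not None:       # None = dialog cancelled (ESC)
            self.session = new_login
        return self.session             # on cancel: previous user is back


class LogOffFirstFlow:
    """Models the change request: save prompt, log off, then login box."""

    def __init__(self, session: Session):
        self.session: Optional[Session] = session
        self.saved: List[str] = []      # stands in for the database

    def switch_user(self, on_unsaved: Callable[[List[str]], str],
                    new_login: Optional[Session]) -> Optional[Session]:
        cur = self.session
        if cur is not None and cur.unsaved:
            choice = on_unsaved(cur.unsaved)   # "save" | "discard" | "cancel"
            if choice == "cancel":
                return cur              # user stays logged in, nothing lost
            if choice == "save":
                self.saved.extend(cur.unsaved)
            cur.unsaved.clear()
        self.session = None             # logged off before the login box
        if new_login is not None:
            self.session = new_login
        return self.session             # on cancel: nobody is logged in
```

With `ReportedFlow`, cancelling the dialog hands back whatever privileges the previous user had; with `LogOffFirstFlow`, cancelling leaves no active session and any pending edits have already been saved or explicitly discarded.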

                      Re: Warning - Data loss risk + security risk.

                      Thanks Mike.

                        Re: Warning - Data loss risk + security risk.

                        The point raised is that CommitCRM is sold as a multi-user application with hierarchical permissions.
                        If I was logged in with elevated permissions on an engineer's machine to 'override' something he did not have permission to do, then I as the manager should be able to force a logout.

                        Until recently, it was assumed that 'log in as different user' did as most other apps do in this situation, log out current user in anticipation for the new user, basically, you can hit ESC and get higher privileges if the previous user was an admin.

                        Yes, I know you can close CommitCRM and reload but this adds time. I wouldn't want to reboot Windows every time I changed user.

                        Mike, I understand your point, but for an application to allow a user to lock a session without any means to override is a huge risk. There is a multitude of reasons why the user may not return or be unable to log back in, leaving the system vulnerable.

                          Re: Warning - Data loss risk + security risk.

                          It is a high security risk to think clicking log on as different user has logged you out. CommitCRM should address this, or remove the logon as a different user, dim the screen, anything but a fake login screen that doesn't execute the logoff routine.

                            Re: Warning - Data loss risk + security risk.

                            Hear, hear... Falling on deaf ears I am afraid. (unless you want to 'suggest' it as a fix and have others 'vote' if it should be implemented, ridiculous!) Such a simple fix!

                            What about a locked session keeps unsaved data behind an unrecoverable login prompt?

                            What about an engineer can be logged in as 'himself/herself', leaving a comment in a resolution and 'choose' which engineer wrote it.

                            CommitCRM is Great... But...

                              Re: Warning - security risk.

                              I think you need to re-train your techies. We have never had this issue as everyone here saves their data, always.

                              While I do see CommitCRM needs to fix the login issue, I think your staff are at fault here too.

                              You should know this from the Word days where you'd lose an entire document.
