Hello Henry, On Do, Jun 09, 2005 at 12:32:11 -0700, Henry Chan wrote:
Hi! I think there should be a restriction on at least one admin user have all user privilage, because what if you take off every admin user's privilage and none of them can go back to the "admin area"? Where is the admin rw privilage stored ? Is it in the mysql table? or a pm file? Is it a safe place?
On a standard installation all user data are stored in the mysql DB, even the admin account. As long as access is restircted to this DB, there is no security risk. Changing the admin account in a way, that no more admin rights are present, might be possible (I've never tested this), but this could only be done by an admin... And if you are admin of a system, you should know what you are doing. So I also think, that this is no security risk in the system. In the case where the admin knows not enoug about the system, the admin himself is the security hole. For the persons or companies who are unsure or feels swamped with the many features of the system, we offer commercial support, training, e.g. Just have a look at http://www1.otrs.de/ or write a mail to sales@otrs.de
Henry
Best regards, Christian -- ((otrs.de)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg http://www.otrs.de/ :: Manage your communication!