If you read my thoughts about security features implemented in LockBox carefully, you may find that I do not setup environment variables to make LockBox libraries work – I use clb.library.path system property to setup location of LockBox libraries. Continue reading
It seems that “dynamic groups” is yet another white spot in documentation: Fundamentals guides states that dynamic groups can’t belong to non-dynamic, Administration and Configuration guide, in opposite, gives an example of such possibility: dm_browse_all/dm_browse_all_dynamic, dm_superusers/dm_superusers_dynamic (I have no idea why dm_read_all/dm_read_all_dynamic pair is missed in Administration guide). The only true thing about dynamic groups you can read in documentation is: dynamic groups are intended to be enabled/disabled in runtime, which allows user to gain/loose some extra privileges.
Have you ever tried to download/upload large (say 2Gb and more) content through DFC? Continue reading
- documentum security vulnerabilities: D2GetAdminTicketMethod (D2) – here I had shown that D2GetAdminTicketMethod docbase method is vulnerable
- God bless EMC. Part IV – EMC decided to encrypt parameters/results passed through D2’s docbase methods, I had shown how it was possible to decrypt those parameters and results using same docbase methods
- Is it worth to treat flu if patient has cancer? – second unsuccessful try from EMC to protect D2GetAdminTicketMethod docbase method
At the beginning of August 2014 EMC released Webtop 6.7SP2P16, now, according to the patch notes, it’s certified against JRE 1.7_65:
Initially I wanted to write something like “DFC has a cool method ISession#getUncachedObject(IDfId objectId, String currencyCheckValue) that allows to track changes in TBO”, but after investigating how XCP wrongly implements the same functionality in business events, I realized that it’s worth to pay more attention to the problem, because even vendor does not know how DFC does work.
It seems my previous post about e-mail notifications was a prophecy – EMC definitely got a time-machine: now they started fixing vulnerabilities in upcoming releases:
Moreover, it turns out to be that CS 7.0 was released for both AIX and Solaris too 🙂