ECL prevents items with no signature

[tonty]

Our ECL is set so that design elements that have "No Signature" have virtually nil access. I assumed that this was correct and would protect us to a certain extent. However, we are implementing a database from an external company that throws up an ECL warning stating that an item has no signature and does not have sufficient access, blah, blah, blah... The external supplier tells us to amend our ECL (and they assure me that many other companies have done so), I say not, they say there is no other way around this issue and we should have ample protection elsewhere (ACLs etc).

Is opening up the ECL as potentially dangerous as I think it is?

Regards,
Tony.

 

[pmonett]

ECLs are a hassle, comparable to a necessary evil. I do think that they provide a level of security that was worth implementing, but the consequences are somewhat of a bother. That is the price to pay.
In your case, there is no justification to relax ECL restrictions. This is a 3rd party hired to provide an application, therefor they are responsible for the "good conduct" of said application.
In your stead, I would sign the db with the server ID or the admin ID. That would erase ECL issues and allow any scheduled agents to run.
Of course, that also means that the application can do whatever it wants to, but this app in particular has been requested by you from a known 3rd party, so if anything goes wrong you have the culprit to bring before a judge.
I would definitely not advise the same thing for an app downloaded from the web, especially if you cannot check on its design. That is basically what the ECL is for - protecting you from unknown code that wants to play with critical resources (ie network and disk).
In your case, the database is supposed to become part of the company code base, so signing it is an acceptable procedure.
I hope that you can also check out the code, for future maintenance.

Pascal.

 

[tonty]

Thaks for that Pascal. However, we do already sign the database with our Admin ID. Part of the code supplied is to copy an email into a document within the database. This, the vendor tells me, is the unsigned element and so the ECL needs to be amended to allow elements with no signature the ability to modify other databases. This seems both extreme and certain to flag up an major inconsistancy to an auditor.

Any further comments would be appreciated.

Regards,
Tony.

 

[pmonett]

How can there remain an unsigned element if you sign the whole database ? Or is there some design element flagged to not update design, and that interferes with the signing process ?
I think the vendor needs to clarify the code used and help you ensure the database is correctly signed.
Relaxing basic security measures to get the application to work is unacceptable, period.

Pascal.

 

[tonty]

Sorry, I meant that the email itself is the unsigned element, not the code.

Regards,
Tony.

 

[pmonett]

Right. I guess that email is supplied in the database ?
If so, you should be able to sign it by opening it and editing it, no ?

Pascal.