EFT Security

ramam1

Programmer
Mar 20, 2009
226
US
Hey folks,
I'm wondering if anyone has experience locking down EFT (orchidsystem)?
We have things restricted so that the normal accounting operator can generate the NACHA files but cannot add or edit bank accounts. The file is dropped into a server directory by the EFT module and then a separate user (executive) uploads the file to our bank and a second exec approves them [note that these guys aren't going to read through a NACHA file to confirm destination account numbers as the volume is too high]. The issue I'm facing is that the user who runs the EFT module and creates the NACHA files also must have the ability to write files into the EFT output directory... thus they could in theory hand-build a file with their own account information in it.
Have you worked around this issue? Orchid has not been great at supporting me ("Our website is for Accpac dealers only") - I don't have access to their KB so I thought I'd give it a shot here.

thanks!
 
You may have luck giving that person create-only rights to that folder, but I've never tried it.
 
Thanks Tuba, I thought about that. I can apply fine-grained controls (ACLs) but granting create permissions is both necessary and problematic as the user could build a NACHA file manually and drop it in there. This could work if I could ensure the origin of the file is the EFT module but that's non-trivial... I think.
 
Mmmm I still have to meet a user that can build any text file, let alone a NACHA file. There are hash totals built into the NACHA file format to prevent a user from modifying an existing file.
 
You are right Ettienne that the accountant is not likely to figure out how to build a NACHA file but the dollar amounts are significant so I want to address this if I can. My best solution, so far, is:
1. Grant user create access in the EFT module output directory but not the new 'verified' dir.
2. Schedule a script that checks each file in the output dir and either moves files to the verified dir (which only the script can write to) or otherwise emails them to me and the CFO to see why non-approved accounts are specified to receive funds.
3. Make sure the execs only process files from the 'verified' folder.

Should get the job done.

FYI, the NACHA format for this file seems to be pretty straightforward to parse - fixed length fields; I only care about detail records (column 1='5'), the account number is columns 13-22, and the Orchid EFT vendor account table/fields to compare against are ELVEND.ACCNO for the account number and ELVEND.STATUS = '2' for active.

thanks again folks
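
The three-step gate from the last post, sketched in Python as an added example (not code from the thread or from Orchid). The record-type code and column range are the ones given in the post; the 94-character record length, the function names and the constructed sample records are assumptions, and `approved` stands in for the ELVEND.ACCNO values whose STATUS is '2'.

```python
from pathlib import Path

# Layout as given in the thread; confirm against the file spec in use (the
# published NACHA layout has entry detail in type '6' records, account in 13-29).
DETAIL_TYPE = "5"          # column 1 value that marks a detail record
ACCT_COLS = slice(12, 22)  # columns 13-22 (1-based, inclusive)
RECORD_LEN = 94            # assumption: one 94-character record per line


def sample_record(rec_type, acct=""):
    """Constructed test record: type, filler, account field, zero padding."""
    return (rec_type + "0" * 11 + acct.ljust(10)).ljust(RECORD_LEN, "0")


def unapproved_accounts(data, approved):
    """Return reasons to reject the file; an empty list means it passes."""
    try:
        lines = data.decode("ascii").splitlines()
    except UnicodeDecodeError:
        return ["non-ASCII content"]
    problems, details = [], 0
    for n, line in enumerate(lines, 1):
        if len(line) != RECORD_LEN:
            problems.append(f"line {n}: unexpected length {len(line)}")
        elif line[0] == DETAIL_TYPE:
            details += 1
            acct = line[ACCT_COLS].strip()
            if acct not in approved:
                problems.append(f"line {n}: account {acct!r} not approved")
    if details == 0:
        problems.append("no detail records")  # fail closed on empty files
    return problems


def gate(src, verified_dir, approved):
    """Check src; release the exact bytes that were checked, or report why not."""
    data = Path(src).read_bytes()  # read once so check and release see the same bytes
    problems = unapproved_accounts(data, approved)
    target = Path(verified_dir) / Path(src).name
    if not problems and target.exists():
        problems.append("a file with this name was already released")
    if not problems:
        target.write_bytes(data)
        Path(src).unlink()
    return problems  # non-empty: leave the file in place and email the reviewers
```

Run it under a service account that is the only writer to the verified directory. Because it writes out the bytes it checked instead of moving the file, a file replaced after the check never reaches the verified folder.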
 