Strange Aloha security question 3

Status
Not open for further replies.

alohaakamai3

IS-IT--Management
Aug 11, 2006
482
US
I have a client that was upgraded to version 6.1x a while back, and when the dealer did it, they completely locked them out of doing even some of the most basic things.

I know part of CISP/PCI was to remove the Alt-X, and I am totally ok with that, but I think that this was pretty deliberate on the part of the dealer, to make it so they had to call them for stuff they shouldn't have to (and not just stuff that is dangerous for the customer to be modifying, but even stuff like report formatting).

I think I should throw this in- I know a lot of the people who participate in this forum have worked for dealers and are very helpful, so I don't want to make any false accusations here or offend anyone. It just seems like some stuff was locked down that shouldn't have been, and there are other sites on this version that the dealer has upgraded that have not been locked down, so I don't think it's something the upgrade did automatically. They have never owed the dealer money and there is nothing shady going on in terms of this client- a new manager came in and just wants to see some different report options- so not having a master password for the last year had previously not been an issue, but it is now.

I guess I have two questions.

1- The Alt-X doesn't work. I am thinking of downgrading their version to a previous version where the Alt-X does work, and either leaving it on that version, OR upgrading back to where they were and hoping it leaves the access privileges in place. Will this work? Or is there an easier way that doesn't involve calling their dealer?

It's kind of a lot of hassle, but the idea that they would try to lock them out of their own system's basic functions (which I believe they did because they knew the system was being serviced by someone else) irks me a little (and irks the client a lot).

2- What is the official method of disabling the Alt-X? This is more just a curiosity thing for me. Some systems on versions that are even higher than this client's don't have it disabled at all. Is this something you can turn off and on in the software settings? (Obviously I can't do that in this instance anyway since I don't have the criteria to access it in the first place.)

Sorry for the long post, and thanks!
 
ALT-X is only removed in versions 6.4 and higher. Anything lower, the ALT-X is still available. Yes, you can disable ALT-X in any version previous to 6.4.


There are two methods in version 6.4 and higher to get around this issue:
1. Use Radiant Command Center (RDF) which has a remote Aloha manager login function.
2. Version 6.5 and higher supports the use of a corporate database function.

MegabyteCoffee.com
 
Creating an IBEREXE.DLL file in the ALOHA application software BIN folder disables the Alt-X login method for the Back-of-House.
 
Thanks Coorsman and Megabyte for your responses.


I typically do agree in protecting trade secrets to a certain extent (regarding Megabyte's comment), especially when it comes to things that can be misused or be to the customer's own detriment, but with something like this (particularly in my situation) - this is not one of them.

I am also a dealer of a different software package (I only do work on a few other systems for long time clients), so I know what it's like being on the dealer end of things with clients that don't pay, etc., and also the power of giving out information about systems - good and bad. We should always use discretion.

However, it really looks like in this case, the intention of the dealer was to prevent access to both the client and any third party they wished to use, from accessing stuff that was of no danger at all - simply to maintain control over them as a customer. They knew this site was maintained by a 3rd party before they were contacted for this upgrade and this was likely planned by them as a way to force the client into using them. And for no good reason. When it comes to anything serious like upgrades or ecard or something that the dealer would be better equipped to handle, I always refer them to their dealer.

Aloha is a strong software with a strong dealer network. IMHO, this dealer should be focusing on new installations and superior service, rather than trying to force clients to use them by nickel and diming them, locking them out of the systems they paid for - which wasn't going to happen anyway, as far as I was concerned.

Thanks Coorsman, you saved me a few hours of work over something that was otherwise pretty petty and pointless.
 
Thanks Megabyte

I wasn't going to give him the password. ;)

 
I really wish the site had a private message feature for more sensitive topics. And they don't like us posting email addresses. But you didn't reveal anything all that sensitive here and none of it was going to stop me or any other determined individual from getting around the problem. In all the Aloha sites I have supported over the years, I've never seen this feature employed, so I doubt it is that critical. Besides, all it really allows you to do is use the Alt-X; the instructions without the knowledge of how that works are useless.

I sincerely appreciate it coorsman, all it really did was save me some time and hassle.
 
No problems guys.

I work real closely with Radiant (They are less than 1.5 miles from my office), and some of their developers will even be at my office this week again. On a public forum, I just don't feel comfortable saying some things that I can say more freely privately.

-Chris


MegabyteCoffee.com
 
The other issue that no one addressed is that Alt-X was originally intended for the convenience of a trained Aloha Service Tech. It was never intended for the customer to use. As a former reseller, I can tell you that I had customers from very technically literate to those that didn't want to even program their own prices. The challenges were the customers who thought they knew more than they did and went ahead and made changes that adversely affected their system, and I ended up providing emergency service.

Every reseller is different. We tried to find a balance between features that an end-user would reasonably need to access and options/programming that would never need to be changed.

It seems that in this case the reseller may have overextended and should be contacted to ask them to revise the back office security settings.
 
Correct me if this don't sound right, but can't you create your own super user called dealer or something? If they ever delete it or screw with the password, then you can restore an emp.dbf file from an old dated sub where you know it existed.

Bo

Remember,
If the women don't find you handsome,
they should at least find you handy.
(Red Green)
 