Security Hole? *.JDE files

timallen

I have found a security hole that I can't plug involving *.JDE files.

We have taken away the user's Fast Path and have restricted them to a menu we made for them. But if the user creates a file named GO.JDE (for example) with this in it:

[OneWorld.Application]
Menu=G
IsMenu=1

they can enter directly into the G menu. Short of securing every single app, how do I keep them from doing this?

(We've done other security measures, such as restricting menu revisions, user revisions, and new tabs)

Thanks in advance.
 
Tim

I have found that the best way to handle security is to secure *all then grant back as needed. Our security used to be menu driven, but when we upgraded to XE, I re-did security from scratch. I had heard that menus (oexplorer) will go away in future releases and be replaced by solution explorer. I don't know if that's still the case.

Patty
 
Yes. I have been dealing with OneWorld security and Solution Explorer task issues...B9 is where the change is to take place. Group security as we know it will be eliminated, and Roles and Tasks will become king.
 
And that is why menu manipulation cannot be considered security.
 
Tim,

I agree with the other posted comments. Only inclusive security, where you revoke everything from *PUBLIC and then grant access to specific applications, can be considered secure. Even if the ability to use .JDE files to circumvent menu security were eliminated, you would still be faced with the possibility that users could navigate their way to forbidden applications using row and form exits.

I try to introduce the inclusive security policy at the beginning of my projects. If the project team configures security as they are setting up menus then the effort of granting access for each application is not such a big deal.

Regards,
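
An added example, not code from any poster in this thread: a small audit that walks a directory tree, parses each .JDE file with the section and keys quoted in the first post, and reports shortcuts that open a menu outside an allow-list. It supplements application-level security as a detection check and does not replace it. The scanned directory, the allow-list and the menu name G55USER are assumptions made for illustration.

```python
import configparser
import tempfile
from pathlib import Path

SECTION = "OneWorld.Application"  # section name as quoted in the first post


def parse_jde(path):
    """Return the section's keys (lower-cased), None if the section is absent."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(Path(path).read_text(errors="replace"))
    except configparser.Error:
        return {"_error": "unparseable"}  # still worth a human look
    return dict(cp[SECTION]) if cp.has_section(SECTION) else None


def audit(root, allowed_menus):
    """List (file name, menu) for .JDE menu shortcuts outside allowed_menus.

    Only the menu form shown in the thread (Menu= / IsMenu=1) is checked.
    """
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if not (p.is_file() and p.suffix.lower() == ".jde"):
            continue
        keys = parse_jde(p)
        if keys is None:
            continue
        menu = keys.get("menu", "").strip()
        is_menu = keys.get("ismenu", "").strip() == "1"
        if "_error" in keys or (is_menu and menu.upper() not in allowed_menus):
            findings.append((p.name, menu or "?"))
    return findings


def demo():
    # Constructed sample files; the allowed menu name G55USER is hypothetical.
    with tempfile.TemporaryDirectory() as d:
        body = "[OneWorld.Application]\nMenu={}\nIsMenu=1\n"
        (Path(d) / "GO.JDE").write_text(body.format("G"))
        (Path(d) / "mine.jde").write_text(body.format("G55USER"))
        (Path(d) / "notes.txt").write_text("not a shortcut\n")
        return audit(d, allowed_menus={"G55USER"})


if __name__ == "__main__":
    for name, menu in demo():
        print(f"{name}: opens menu {menu}, which is outside the allow-list")
```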
 