|
Posted by Alex on August 7, 2008, 3:12 pm
Please log in for more thread options
SECURTIY WARNING: Popping the Cash Drawer WITHOUT Leaving a Trail!!!!
Anybody in RMS who is allowed to enter Opening and/or Closing amounts can
pop the cash drawer at will WITHOUT leaving any paper/journal trail of this
activity at all.
Unlike the NO SALE function, which you can set up in Manager to journal and
to require a reason code, the entering of opening and closing amount pops
the cash drawer without requiring (or being able to require) a reason code
and worst of all it does not record this activity any where. So anybody that
has access to these functions can essentially perform No Sales/pop the
drawer at will without leaving any evidence at all!
This is a huge security issue/risk which I reported to Microsoft but they
claim that this would involve a "major overhaul" of the program and
therefore won't be able to do this unless either more people complain about
this security problem or "maybe" in a future version of the program (yeah
right!). The lack or willingness of Microsoft RMS to fix this security issue
or even give a solution time frame for any bug fixes is very frustrating to
say the least.
Currently our only partial workaround is to give only the managers access to
this functionality which is very inconvenient since this puts unnecessary
work load on them and since we have multiple and overlapping manager shifts
it would be hard or impossible to pin point (potential) cash drawer
problems. Furthermore, this defeats the whole purpose of journaling No Sales
since they can essentially perform No Sales by just "pretending" to enter
opening or closing amounts (again).
As far as I know this is the only cash drawer pop in RMS that doesn't get
recorded (or at least has an option to get recorded). Any access to the cash
drawer should absolutely be recorded.
| 
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
XML Sitemap