Don't trust your Groove spaces

by Volker Weber


You can hide a tool in Groove Workspace but you can't protect the data. You are led to believe the data is protected but in fact it isn't.

If you share a Groove space with a number of people, you can assign roles to them. They can be either manager, participant or guest. You can now define which permissions those roles have, both at the space or the individual tool level.

Now let's assume you have one tool that contains data, which only managers are supposed to see, and you assign read permission only to managers. Participants and guests can see this tool tab but not the data in it. Everything is fine so far, although I would prefer to hide the tool completely.

Now, here is the problem: If a participant duplicates the space he will automatically be manager of the duplicate and see all the data in the managers only tool. How bad is that?

Summary: If you put data in a Groove space, then every member can see it. Roles do not protect the data. In Groove's diction, this is not software problem, but a perception problem.


1) This issue was blown way out of proportion

Bubba, 2002-08-22

Bubba, even if you are in the shrimp business, there is no need to hide. We do record IP addresses (and trace them). :-)

Volker Weber, 2002-08-27

Old archive pages

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.


Paypal vowe