0 votes

Working in a sensitive situation, a team member’s Windows computer has been stolen. It is very possible someone is trying to access the team’s PT data and user information.

What needs to be done now to secure the PT data and PT user information?

For instance, with physical access to the machine I would assume the attacker will be able to get past the Windows user log in and have full access to PT as the registered user. I would not want S/R to go to that machine anymore.

Do we simply register a new user and change the project settings to take the original user account away? What else?

Paratext by (166 points)

1 Answer

0 votes
Best answer

Your idea is the best I can think of for Paratext 7.

Once everyone gets the updated user permissions, they will stop receiving
changes from the old user and if the person with the computer does a send
receive, they will be removed from the project.

John+Wickberg
Paratext Support

by [Administrator]
(3.1k points)

reshown

I have a question on the order of things here. Let’s say:

· The Admin removes the potentially malicious user from the project and does an Internet S/R.

· The malicious user makes malicious changes (before doing an Internet S/R to receive the updated Users, Roles, and Permissions), and then they do an Internet S/R.

Are the changes from the malicious user uploaded before the changes to Users, Roles, and Permissions are received and processed? Or, does Paratext see that the malicious user was removed from the project and therefore does not allow the malicious user to upload changes?

Thanks,

SIL+LSS+PNG

image

I would assume that when the Project administrator does a
(subsequent) Send/Recv, he/she will be notified of any changes that
any of the users have made. So if changes appear from the
rogue/malicious user, it would be easy enough to say "Undo changes"
in that dialog box to remove any changes that they have made. (and
after their final s/r there shouldn’t ever be anything else coming
through from them).

Mark

Paratext 7 and 8 always contact the server before doing a S/R to check the permissions set by the administrator so if the admin removes them from the project, that user should not be able to do a S/R and their changes will not be seen by other users.
However, security in Paratext 7 is not quite as tight as in 8, so I wouldn’t say there is no possible way that someone couldn’t contaminate the project if they tried hard enough. I would still pay attention to changes coming in and make sure no changes are done by that user.

I can’t tell in the email history if this was mentioned but you can also
tick “Administrator must receive changes before they are received by
others” to keep control of things for a little while. But remove it as soon
as you can because it clogs things up a lot normally.

Blessings,

Shegnada J.

Language Technology and Publishing Coordinator, Nigeria

Text Processing Specialist GPS Dallas

Skype: Shegnada.SIL+LSS+PNG.

+[Phone Removed]

Related questions

0 votes
3 answers
Paratext Mar 15, 2019 asked by [Moderator]
dhigby
(1.3k points)
0 votes
1 answer
Paratext Feb 18, 2023 asked by anon554738 (140 points)
0 votes
1 answer
0 votes
3 answers
Welcome to Support Bible, where you can ask questions and receive answers from other members of the community.
All the believers were one in heart and mind. No one claimed that any of their possessions was their own, but they shared everything they had.
Acts 4:32
2,645 questions
5,394 answers
5,065 comments
1,437 users