Best Practices for Using Cached Credentials
If you use cached credentials for SFTP directories or mapped drives, the best way to control user access to network resources is by using the default [Client user] option and configuring network access using Windows user and group settings.
Caution: If you decide to grant access to client users by specifying an alternate credential, you should review the information presented here to understand how to create a configuration that provides users with access to the data for which they are authorized, but does not grant them access to data for which they are not authorized.
The following issues can affect user access when you specify a credential other than [Client user].
Review these guidelines to help ensure that you are providing access to authorized data only.
If you use an alternate credential, use any or all of the following to help ensure that client users can't access unauthorized data by using the privileges associated with another user's credentials.
The following two scenarios involve two users, Mary and Joe, in an organization that has two folders, downloads and payroll, on the same server (acme.com).
Mary's account does not have access to any folders on the acme.com server.
Joe's account (acme\joe) has access to two locations on the acme.com server:
The following scenario shows how an administrator configuring mapped drives might open up a potential leak of information stored in the payroll folder.
When Mary connects, Joe's credentials are used to provide access to the O: drive. Although the P: drive is not mapped, Mary is still able to access the payroll folder (and any other folders on acme.com to which Joe has rights). For example, Mary can manually map a drive to \\acme.com\payroll from her terminal session without having to authenticate because she is already using Joe's credential, which gives her access to this folder.
To prevent this, the administrator should move the downloads folder to a different server and/or change the credential used for drive O: to a user who only has access to the downloads folder.
The next scenario shows how an administrator configuring SFTP directories might open up a potential leak of information stored in the payroll folder.
When Mary logs onto the server using an SFTP client, Joe's credentials are used to provide access to the downloads directory. Mary's SFTP client session won't show the payroll directory. However, she might use the connection reuse feature to open a terminal session that will use the credentials that were already established for the SFTP connection. From this terminal session, Mary can access content in the payroll folder by manually mapping a drive using Joe's privileges.
To prevent this, the administrator should move the downloads folder to a different server, change the credential used for the downloads virtual directory to a user who only has access to the downloads folder, and/or disable access to the terminal shell.