Microsoft R/Machine Learning Server is vulnerable! Any LDAP user can access any folder/document of any other user! RRS feed

  • Question

  • Greetings,

    Is there a way to force R Server to apply the permissions of the authenticated LDAP user when calling remoteLogin? Currently, it applies the permissions of the RServe9.0.0.0 user which is a service user! This means that each user will be able to access other user's sessions workspaces and that defeats the purpose of data security and the purpose of LDAP authentication to begin with!


    Monday, September 25, 2017 6:22 AM