Comments on: Kashflow's security nightmare

By: Dell Product Reviews

Dell Product Reviews — Sun, 19 Sep 2010 22:53:28 +0000

Dell Product Reviews…

Great! I can always use some extra money. Or at least ways to makes them. I think these ways you present here Donald, prove that if we dig deep, we can find a lot of skills and resources we posses which we can use to make money. And some people think t…

By: LTech – Holding Hands in the Move to SaaS

LTech – Holding Hands in the Move to SaaS — Fri, 20 Aug 2010 17:54:15 +0000

[...] apps. Interestingly it’s a similar play to that of KashGuard and regular users will remember the epic storm that arose over that particular offering. As an aside I wonder if commenters who lambasted KashFlow [...]

By: LTech – Holding Hands in the Move to SaaS | CloudAve

LTech – Holding Hands in the Move to SaaS | CloudAve — Fri, 20 Nov 2009 06:44:30 +0000

By: Time for SaaS to grow up | AccMan

Time for SaaS to grow up | AccMan — Tue, 13 Oct 2009 08:02:38 +0000

[...] The blow up I had over access controls was really the start of what I hope will be a journey of maturity for the industry. If nothing else it made me realize that what the industry perceives as ’secure’ and what customers perceive are worlds apart. Add in the fact that in recent days we’ve seen a string of fiascos from some of the most mature companies in the tech space and you just know there’s a wake up call here – for everyone. [...]

By: Kashflow wants to sue AccMan: allegedly | AccMan

Kashflow wants to sue AccMan: allegedly | AccMan — Fri, 18 Sep 2009 06:55:53 +0000

[...] content with the vigorous debate around my post that Kashflow has a security nightmare it seems the company believes this site has libeled it and damaged its business. Software sales is [...]

By: SaaS gets heated. Needlessly. | Sanity with Sage

SaaS gets heated. Needlessly. | Sanity with Sage — Sat, 22 Aug 2009 08:47:01 +0000

[...] the issue reported by Dennis Howlett is actually very different, as it is really a feature choice (and yes I do know that security is a [...]

By: Chris Padfield

Chris Padfield — Tue, 18 Aug 2009 16:20:04 +0000

This argument seems to be very odd given how simple the situation is.

#1 Kashflow does not have user permissions. This may be a reason for you not to buy the software – is so that's fine. Clearly lots of people don't care about this given Kashflow has customers.

#2 Kashflow are aware that this is a feature some people might want. They may add it in the future (as they agree there are reasons for having it) but it is not a priority now. There are features their users want more.

#3 Kashflow has a completly open API so another software company can create any sort of limiting aroud that API if they want. There seems to be a lot of misunderstanding about whan an API is and what it is for from Dennis.

#4 Even should Kashflow add user permissions to their system which I presume they will some day, assuming they keep a full API (which they would be crazy to change) then someone could still build a permission system on top of that API if they want that replaced whatever Kashflow had created.

#5 It seems that Dennis problem with the software has changed a lot from the FUD in the first post to it just being a matter of having to pay extra to someone else for a feature *he* belives should be included. Again, this is the exact eco-system I presume Duane is trying to create around Kashflow.

What a storm in a teapot!

Discloser: I am trying out Kashflow and considering being a customer – but not made my mind up yet.

By: Nibbling Around the Edges – KashGuard for KashFlow | CloudAve

Nibbling Around the Edges – KashGuard for KashFlow | CloudAve — Mon, 17 Aug 2009 17:36:49 +0000

[...] – this post seems to have caused something of a storm, to say the least. An AccMan post referencing it has generated a flood of comments, some positive, some negative. It also seems to [...]

By: Dennis Howlett

Dennis Howlett — Mon, 17 Aug 2009 17:11:48 +0000

@M: for the sake of clarity and to be 100% fair on this, the industry is not good at setting standards about these issues. Therefore, vendors often have to make it up as they go along as best they can although there are emerging standards.

However, my concern is, and always has been, that allowing a 3rd party to develop multi-level access as a very specific function, I am incurring an extra cost that should be part of the core offering from the main vendor (I don't know any other that has a separate charge for this) and in turn the main vendor is creating a problem for itself that exposes a level of risk I believe is unacceptable.

Sunir has written a very good comment in this which I have put out as a separate post.

Despite acknowledging the issue in our call, DJ chooses to argue about it rather than see that all but himself see this as an issue. That's a great shame because as I've said in a few places, this is easy to resolve. Buy the code.

By: Emily Coltman

Emily Coltman — Mon, 17 Aug 2009 16:39:52 +0000

@David: "For me that ability to collaborate is one of the key advantages of a SaaS approach over good, but stand-alone products like MYOB. It could be the accountant, a business partner, a supplier – any size of business can benefit from that sort of collaboration."

I agree, David.

I would say that multi-level permissions are more valuable for a SaaS product even than for a desktop product – because of this.

The accessibility of the data in real time to users such as an accountant is one of the big pluses of SaaS.

So then the questions start cropping up as to which areas different users should be able to see.

Why would a business partner / a supplier need to see the bank reconciliation, which they probably wouldn't understand if it jumped up and bit them on the nose?

And sometimes it's useful to limit the areas an end user (business owner) can reach, such as journals.

So I would agree that multi-level user permissions are a big plus in the SaaS world.

If KashFlow are providing them, whether through the system itself or a third party, as an idea that's good news.

I'm not techie enough to know whether that service is secure having read this. I don't understand a lot of the terminology. But I have a high level of respect for Dennis's expertise and an amber light from him would probably, like Richard, send me running for the hills.