Dear All, We have experiencing an issue with the security of ISPConfig. We have wrote 2 modules for managing some objects (Exchange Mailboxes and vmware VPS). For each module, we use the internal security of ISPConfig. In fact, this is sys_groupid / sys_userid (etc..) columns in each table, and $form["auth"] = 'yes' on all tables (tform). Each customers have access to their own objects, no problem at all. But yesterday, we saw that a customer have deleted an object , for another customer. We trace all what we can. The sys_groupid is different OK. (First customer have 22 and the second have 8.) The first customer delete an object , on the table the sys_groupid have 8 (before the deleted action, we saw them on the backup). Apparently, the customer have see an object that they don't need, and they just drop it. How this should be possible ? Is anybody have also experience of this situation ? Thanks for your help.