Credentials Exposure Vulnerabilities In Custom Web Publishing With XML and XSLT

[Ocean West]

Custom Web Publishing (CWP) carries with it inherent vulnerabilities for the exposure of any credentials a user enters into a browser’s credentials dialog box. As a result, developers likely should follow a restrictive policy for these credentials. Circumstances and attendant adverse impact will vary from situation to situation. The bottom line however is this: CWP credentials are subject to being intercepted and retained without any warning to users and without any knowledge that a breach has occurred.

Download the article today at: http://www.fmpug.com/members_download.php?filename=credentialexposureincwp.pdf&free=true

Many thanks to Steven Blackwell for writing this article and choosing to publish it through FMPug.

[Raybaudi]

Hi Stephen

there are NOW ( 09/27/2008 3:00:00 in Italy ) more than 50 anonymus ( and that number is growing ) that are seeing this post !

It's an intrusion ?

Edit: Now 3:30:00 only 4.