[oXygen-user] security risk when using exist from oxygen ?!
Christian Wittern
Fri Oct 23 04:30:29 CDT 2009
Hi there,
I just discovered what I think is a security risk, or at least a flaw in the
way oxygen presents system ids.
When evaluating an XPath for a document that is accessed through webdav on an
eXist database, the results are displayed in the bottom pane of the window.
The column for system ID will show the user's credentials, that is, account
name and password in clear text. It seems a potential risk to me to expose
these things, so I wonder if there is a way to hide that.
All the best,
Christian
--
Christian Wittern
Institute for Research in Humanities, Kyoto University
47 Higashiogura-cho, Kitashirakawa, Sakyo-ku, Kyoto 606-8265, JAPAN