[oXygen-user] security risk when using exist from oxygen ?!
Octavian
Fri Oct 23 07:49:58 CDT 2009
Hello,
Thank you for reporting this problem. The users credentials should have
been filtered from the system ids presented in results panel. We made
the necessary fix and a new oXygen build will be available later today.
Best Regards,
Octavian
--
Octavian Nadolu
<oXygen/> XML Editor, Schema Editor and XSLT Editor/Debugger
http://www.oxygenxml.com
Christian Wittern wrote:
> Hi there,
>
> I just discovered what I think is a security risk, or at least a flaw in the
> way oxygen presents system ids.
>
> When evaluating a XPath for a document that is accessed through webdav on an
> eXist database, the results are displayed in the bottom pane of the window.
> The column for system ID will show the users credentials, that is, account
> name and password in clear text. It seems a potential risk to me to expose
> these things, so I wonder if there is a way to hide that.
>
> All the best,
>
> Christian
>
>
>
More information about the oXygen-user
mailing list