Security Compromised - Sitefinity - General Discussions

All Replies

Posted by Community Admin on 18-Aug-2010 00:00

I noticed the google analytics module stores plain text in the GoogleAnalyticsProviderConfiguration.config xml file with all the account information aswell as username and password for the account. When using google this username and password is also associated to Gmail, adwords and other accounts that expose credit card information and addresses. Due to xml files not being secure by nature can't believe what I am seeing and really poor implementation that exposes customers to data theft on any system that is compromised. This is not a secure solution and would have at least expected the password to be encrypted and decrypted similar to CryptographyHandler. Security isn't an option its a requirement and cannot sugar coat my experience.

Best Regards,

Neil

Posted by Community Admin on 18-Aug-2010 00:00

Hello,

Thank you for your feedback.
You are right about the credentials and the way they are saved in the beta release. This will be changed in official release. Furthermore, the settings and credentials will be kept in the project database, in encrypted form.
Thank you once again. We have added 500 points to your account for reporting the issue.

Greetings,
Georgi
the Telerik team

Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

This thread is closed