AFCS Unsecure username and password can view while tampering

Level 1
  • We noticed that when we tamper data we are seeing the username and password. We hope this will be solved ASAP.
4 Replies

Former Community Member

Hi ghost,

From where and how are you tampering the data? The client? If so, are you logging in with a developer username and password? It's absolutely not recommended that you embed your developer credentials in a deployed application - it's fine during development time, but not with public-facing apps. Could you describe more of what you're seeing?

  thanks

  nigel

Level 2

Yes, I also noticed that when I used the Tamper Data Firefox plugin, the account username and password show in the post data. This is part of my code:

    con = new ConnectSession();
    var auth:AdobeHSAuthenticator = new AdobeHSAuthenticator();
    auth.userName = usern;
    auth.password = pwd;
    con.roomURL = room;
    con.authenticator = auth;
    con.addEventListener(SessionEvent.SYNCHRONIZATION_CHANGE, onSyncs);
    con.login();

Former Community Member

Hi Guys,

Again, I'd like to point out that you SHOULD NOT BE DEPLOYING APPS WITH YOUR DEVELOPER CREDENTIALS EMBEDDED IN THE SWF. Please check out section 6.4 of the Developer Guide PDF - while you're building your app, it's necessary to use developer credentials, but as soon as you want it to be public-facing, you should move on to either anonymous (guest) authentication or external authentication. You can also listen to the video tutorials, which make this clear as well.

Even without TamperData, it would be just as easy to decompile your client SWF and steal the username and password there.

If you follow the authentication models described in the developer guide for deploying, you shouldn't run into any situations where anyone can steal your developer credentials.

thanks

nigel
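
A pre-deployment check for the point made in the reply above, added here as an example and not part of the original thread or of Adobe's code: it unpacks a built SWF and reports whether known developer credentials appear in it as literal strings. The function names, the credential values and the sample file are constructed for the illustration.

```python
import struct
import zlib


def swf_body(data: bytes) -> bytes:
    """Return the SWF body that follows the 8-byte header, decompressed."""
    signature = data[:3]
    if len(data) < 8 or signature not in (b"FWS", b"CWS", b"ZWS"):
        raise ValueError("not a SWF file")
    if signature == b"FWS":          # uncompressed
        return data[8:]
    if signature == b"CWS":          # zlib-compressed after the header
        return zlib.decompress(data[8:])
    raise ValueError("LZMA-compressed SWF (ZWS) is not handled by this check")


def find_embedded_secrets(data: bytes, secrets: dict) -> list:
    """Return the labels of the secrets whose literal value is inside the SWF."""
    body = swf_body(data)
    return sorted(label for label, value in secrets.items()
                  if value and value.encode("utf-8") in body)


def make_sample_swf(strings, compressed=True) -> bytes:
    """Constructed test input: SWF container framing around a few strings."""
    body = b"\x00".join(s.encode("utf-8") for s in strings)
    header_tail = b"\x0a" + struct.pack("<I", len(body) + 8)  # version, length
    if compressed:
        return b"CWS" + header_tail + zlib.compress(body)
    return b"FWS" + header_tail + body


if __name__ == "__main__":
    # Constructed values; in a build these come from the environment or a vault.
    secrets = {"developer username": "dev@example.com",
               "developer password": "constructed-dev-pass"}
    build = make_sample_swf(["ConnectSession", "dev@example.com",
                             "constructed-dev-pass"])
    leaked = find_embedded_secrets(build, secrets)
    print("embedded:", leaked)
    raise SystemExit(1 if leaked else 0)
```

A hit means the value ships to every user who downloads the file; no hit only rules out literal strings, not values assembled at run time.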