1-888-365-2779
+1-888-365-2779
Try Now
More in this section

Forums / General Discussions / Security Compromised

Security Compromised

2 posts, 0 answered
  1. Neil
    Neil avatar
    82 posts
    Registered:
    21 Oct 2006
    18 Aug 2010
    Link to this post
    I noticed the google analytics module stores plain text in the GoogleAnalyticsProviderConfiguration.config xml file with all the account information aswell as username and password for the account. When using google this username and password is also associated to Gmail, adwords and other accounts that expose credit card information and addresses. Due to xml files not being secure by nature can't believe what I am seeing and really poor implementation that exposes customers to data theft on any system that is compromised. This is not a secure solution and would have at least expected the password to be encrypted and decrypted similar to CryptographyHandler. Security isn't an option its a requirement and cannot sugar coat my experience.

    Best Regards,

    Neil
  2. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    18 Aug 2010
    Link to this post
    Hello,

    Thank you for your feedback. 
    You are right about the credentials and the way they are saved in the beta release. This will be changed in official release. Furthermore, the settings and credentials will be kept in the project database, in encrypted form. 
    Thank you once again. We have added 500 points to your account for reporting the issue. 

    Greetings,
    Georgi
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
2 posts, 0 answered