More in this section
Forums / General Discussions / Security Compromised

Security Compromised

The forums are in read-only mode. In case that you want to directly contact the Progress Sitefinity team use the support center. In our Google Plus group you can find more than one thousand Sitefinity developers discussing different topics. For the Stack Overflow threads don’t forget to use the “Sitefinity” tag.
2 posts, 0 answered
  1. Neil
    Neil avatar
    82 posts
    21 Oct 2006
    18 Aug 2010
    Link to this post
    I noticed the google analytics module stores plain text in the GoogleAnalyticsProviderConfiguration.config xml file with all the account information aswell as username and password for the account. When using google this username and password is also associated to Gmail, adwords and other accounts that expose credit card information and addresses. Due to xml files not being secure by nature can't believe what I am seeing and really poor implementation that exposes customers to data theft on any system that is compromised. This is not a secure solution and would have at least expected the password to be encrypted and decrypted similar to CryptographyHandler. Security isn't an option its a requirement and cannot sugar coat my experience.

    Best Regards,

  2. Georgi
    Georgi avatar
    3583 posts
    28 Oct 2016
    18 Aug 2010
    Link to this post

    Thank you for your feedback. 
    You are right about the credentials and the way they are saved in the beta release. This will be changed in official release. Furthermore, the settings and credentials will be kept in the project database, in encrypted form. 
    Thank you once again. We have added 500 points to your account for reporting the issue. 

    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
2 posts, 0 answered