You are replying to:

    • Nathan T. Freeman
    • Posted on Thu 4 Nov 2010 04:05 PM

    Thanks Dragon. Now it's not FUD. You have concrete examples.

    I can't find anything in your list that's exclusive to XPages or, for that matter, Domino itself. URL command hacking and form-based content injection are a problem on any web application regardless of platform. (Of course, protecting from injection is vastly easier in XPages than it is in classic Domino. Try the htmlFilter property on any input.) Most developers don't remember to sanitize their inputs on LAMP sites either.

    For that matter, most devs don't do a good job of securing their Notes client apps very well. Or their Access apps. Or their Windows applications. It's honestly kind of amazing any of us are still employed if you think about it. Every application on the planet is written with poor security considerations and is constantly open to data compromise.
