Hi Dragon,
Can you follow up with me on the security issues?
jim dot quill at ie dot ibm dot com
I didn't get to attend the UKLUG, and would be interested, as I am sure others are, in hearing the information you presented.
We can't stop someone reading URL parameter data and writing it as HTML but I would like to see how many of the issues you have discovered/observed are flaws, vulnerabilities, bad default values, best/bad practice, knowledge, etc. to see what we can do out-of-the-box to prevent or minimise XPages developers doing anything which would be considered bad.
Thanks for your input/help,
Jim (Domino XPages Development)